Also support explicit backtick quote for MySql

Author: fluentfuture

mug-safesql/src/main/java/com/google/mu/safesql/OrderBy.java

@@ -9,6 +9,7 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
+import java.util.function.Function;
 import java.util.stream.Collector;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
@@ -18,21 +19,41 @@
 import com.google.mu.util.stream.BiStream;
 
 final class OrderBy {
-  private static final StringFormat QUOTED_IDENTIFIER = new StringFormat("\"{identifier}\"");
+  private static final StringFormat DOUBLE_QUOTED = new StringFormat("\"{identifier}\"");
+  private static final StringFormat BACKTICK_QUOTED = new StringFormat("`{identifier}`");
+  private static final StringFormat.Template<SafeSql> DOUBLE_QUOTE_IT = SafeSql.template("\"{identifier}\"");
+  private static final StringFormat.Template<SafeSql> BACKTICK_IT = SafeSql.template("`{identifier}`");
 
   final String columnName;
+  private final Function<String, SafeSql> asIdentifier;
   private final boolean descending;
 
-  private OrderBy(String columnName, boolean descending) {
-    this.columnName =
-        QUOTED_IDENTIFIER.parse(columnName, identifier -> identifier).orElse(columnName);
+  private OrderBy(String columnName, Function<String, SafeSql> asIdentifier, boolean descending) {
+    this.columnName = columnName;
+    this.asIdentifier = asIdentifier;
     this.descending = descending;
   }
+ 
+  private static OrderBy by(String columnName, boolean descending) {
+    OrderBy orderBy =
+        DOUBLE_QUOTED.parse(columnName, id -> new OrderBy(id, DOUBLE_QUOTE_IT::with, descending))
+            .orElse(null);
+    if (orderBy != null) {
+      return orderBy;
+    }
+    orderBy =
+        BACKTICK_QUOTED.parse(columnName, id -> new OrderBy(id, BACKTICK_IT::with, descending))
+            .orElse(null);
+    if (orderBy != null) {
+      return orderBy;
+    }
+    return new OrderBy(columnName, DOUBLE_QUOTE_IT::with, descending);
+  }
 
   SafeSql sql() {
     return descending
-        ? SafeSql.of("\"{column}\" DESC", columnName)
-        : SafeSql.of("\"{column}\"", columnName);
+        ? SafeSql.of("{column} DESC", asIdentifier.apply(columnName))
+        : asIdentifier.apply(columnName);
   }
 
   static Collector<String, ?, List<OrderBy>> parsingToDistinctOrderByList() {
@@ -69,7 +90,7 @@ private static SafeSql after(Map<String, ?> columnValues, List<OrderBy> orderByL
   }
 
   private SafeSql is(SafeSql relativeTo, Object pageEnd) {
-    return SafeSql.of("\"{column}\" {relative_to} {page_end}", columnName, relativeTo, pageEnd);
+    return SafeSql.of("{column} {relative_to} {page_end}", asIdentifier.apply(columnName), relativeTo, pageEnd);
   }
 
   private SafeSql after() {
@@ -78,9 +99,9 @@ private SafeSql after() {
 
   private static OrderBy parse(String orderBy) {
     orderBy = orderBy.trim();
-    return last('"').or(Substring.BEGINNING).then(last(Character::isWhitespace))
+    return last(c -> c == '"' || c == '`').or(Substring.BEGINNING).then(last(Character::isWhitespace))
         .splitThenTrim(orderBy)
-        .map((name, dir) -> new OrderBy(name, dir.toUpperCase(Locale.US).equals("DESC")))
-        .orElse(new OrderBy(orderBy, false));
+        .map((name, dir) -> by(name, dir.toUpperCase(Locale.US).equals("DESC")))
+        .orElse(by(orderBy, false));
   }
 }

mug-safesql/src/main/java/com/google/mu/safesql/SafeSql.java

@@ -982,9 +982,9 @@ public <T> Optional<T> queryForOne(
    * If {@code orderByKeys} is empty, the paginated query will use {@code OFFSET} keyword
    * instead of the sort key columns to specify the next page offset.
    * 
-   * <p>The {@code orderByKeys} column names are automatically double-quoted to avoid clashing
-   * with keywords or spaces in identifiers. 
-   * If your DB is case sensitive, make sure you pass in the accurate case.
+   * <p>By default, the {@code orderByKeys} column names are automatically double-quoted to
+   * avoid clashing with keywords or space in identifiers. If you are on MySQL,
+   * you can backtick-quote your column name before passing it in {@code orderByKeys}.
    * 
    * <p>The method is lazy. Paginated queries are only sent when the returned stream is consumed.
    * The caller should close the {@code connection} after done, which will close the cached
@@ -1023,9 +1023,9 @@ public <T> Stream<List<T>> paginateLazily(
    * If {@code orderByKeys} is empty, the paginated query will use {@code OFFSET} keyword
    * instead of the sort key columns to specify the next page offset.
    * 
-   * <p>The {@code orderByKeys} column names are automatically double-quoted to avoid clashing
-   * with keywords or spaces in identifiers. 
-   * If your DB is case sensitive, make sure you pass in the accurate case.
+   * <p>By default, the {@code orderByKeys} column names are automatically double-quoted to
+   * avoid clashing with keywords or space in identifiers. If you are on MySQL,
+   * you can backtick-quote your column name before passing it in {@code orderByKeys}.
    * 
    * <p>The method is lazy. Paginated queries are only sent when the returned stream is consumed.
    * The caller should close the {@code connection} after done, which will close the cached
@@ -1067,9 +1067,9 @@ public <T> Stream<List<T>> paginateLazily(
    * If {@code orderByKeys} is empty, the paginated query will use {@code OFFSET} keyword
    * instead of the sort key columns to specify the next page offset.
    * 
-   * <p>The {@code orderByKeys} column names are automatically double-quoted to avoid clashing
-   * with keywords or spaces in identifiers. 
-   * If your DB is case sensitive, make sure you pass in the accurate case.
+   * <p>By default, the {@code orderByKeys} column names are automatically double-quoted to
+   * avoid clashing with keywords or space in identifiers. If you are on MySQL,
+   * you can backtick-quote your column name before passing it in {@code orderByKeys}.
    * 
    * <p>The method is lazy. Paginated queries are only sent when the returned stream is consumed.
    * The caller should close the {@code connection} after done, which will close the cached
@@ -1108,9 +1108,9 @@ public <T> Stream<List<T>> paginateLazily(
    * If {@code orderByKeys} is empty, the paginated query will use {@code OFFSET} keyword
    * instead of the sort key columns to specify the next page offset.
    * 
-   * <p>The {@code orderByKeys} column names are automatically double-quoted to avoid clashing
-   * with keywords or spaces in identifiers. 
-   * If your DB is case sensitive, make sure you pass in the accurate case.
+   * <p>By default, the {@code orderByKeys} column names are automatically double-quoted to
+   * avoid clashing with keywords or space in identifiers. If you are on MySQL,
+   * you can backtick-quote your column name before passing it in {@code orderByKeys}.
    * 
    * <p>The method is lazy. Paginated queries are only sent when the returned stream is consumed.
    * The caller should close the {@code connection} after done, which will close the cached

mug-safesql/src/test/java/com/google/mu/safesql/OrderByTest.java

@@ -40,7 +40,7 @@ public class OrderByTest {
         .containsExactly(SafeSql.of("\"foo\""));
   }
 
-  @Test public void parsingToDistinctOrderByList_columnQuuoted() {
+  @Test public void parsingToDistinctOrderByList_columDoubleQuoted() {
     assertThat(Stream.of("\"foo\"").collect(parsingToDistinctOrderByList()).stream().map(OrderBy::sql))
         .containsExactly(SafeSql.of("\"foo\""));
     assertThat(Stream.of("\"last name\"").collect(parsingToDistinctOrderByList()).stream().map(OrderBy::sql))
@@ -49,6 +49,15 @@ public class OrderByTest {
         .containsExactly(SafeSql.of("\"last name\" DESC"));
   }
 
+  @Test public void parsingToDistinctOrderByList_columBacktickQuoted() {
+    assertThat(Stream.of("`foo`").collect(parsingToDistinctOrderByList()).stream().map(OrderBy::sql))
+        .containsExactly(SafeSql.of("`foo`"));
+    assertThat(Stream.of("`last name`").collect(parsingToDistinctOrderByList()).stream().map(OrderBy::sql))
+        .containsExactly(SafeSql.of("`last name`"));
+    assertThat(Stream.of("`last name` desc").collect(parsingToDistinctOrderByList()).stream().map(OrderBy::sql))
+        .containsExactly(SafeSql.of("`last name` DESC"));
+  }
+
   @Test public void parsingToDistinctOrderByList_twoColumns() {
     assertThat(Stream.of("foo", "bar").collect(parsingToDistinctOrderByList()).stream().map(OrderBy::sql))
         .containsExactly(SafeSql.of("\"foo\""), SafeSql.of("\"bar\""));
@@ -106,4 +115,16 @@ public class OrderByTest {
                 "((\"id\" > {id})) OR ((\"id\" = {id}) AND (\"name\" < {name})) OR ((\"id\" = {id}) AND (\"name\" = {name}) AND (\"time\" > {time}))",
                 id, id, name, id, name, /* time */ 101));
   }
+  
+  @Test public void after_columnNameBacktickQuoted() {
+    List<OrderBy> orderBy = Stream.of("`id` desc").collect(parsingToDistinctOrderByList());
+    ImmutableMap<String, Integer> last = ImmutableMap.of("id", 10);
+    assertThat(OrderBy.after(last, orderBy)).isEqualTo(SafeSql.of("((`id` < {id}))", 10));
+  }
+  
+  @Test public void after_columnNameDoubleQuoted() {
+    List<OrderBy> orderBy = Stream.of("\"id\" desc").collect(parsingToDistinctOrderByList());
+    ImmutableMap<String, Integer> last = ImmutableMap.of("id", 10);
+    assertThat(OrderBy.after(last, orderBy)).isEqualTo(SafeSql.of("((\"id\" < {id}))", 10));
+  }
 }

mug-safesql/src/test/java/com/google/mu/safesql/SafeSqlDbTest.java

@@ -1163,6 +1163,50 @@ protected DatabaseOperation getTearDownOperation() {
     assertThat(stream.collect(toList())).isEmpty();
   }
 
+  @Test public void paginateLazily_withOrderBy_nullValueNotSupported() throws Exception {
+    ZonedDateTime barTime = ZonedDateTime.of(2024, 11, 1, 10, 20, 30, 0, ZoneId.of("UTC"));
+    assertThat(
+            SafeSql.of("insert into ITEMS(id, title, time) VALUES({id}, {title}, {time})", testId(), "bar", barTime)
+                .update(connection()))
+        .isEqualTo(1);
+    assertThat(
+            SafeSql.of("insert into ITEMS(id, title, time) VALUES({id}, {title}, {time})", testId() + 1, "bar", barTime.plusSeconds(1))
+                .update(connection()))
+        .isEqualTo(1);
+    Stream<List<Item>> stream =
+        SafeSql.of(
+                "select ITEM_UUID, TIME, TITLE from ITEMS where ID between {from} and {to}",
+                /* from */ testId(), /* to */ testId() + 1)
+            .paginateLazily(connection(), asList("TITLE", "TIME desc", "ITEM_UUID"), 1, Item.class);
+    NullPointerException thrown = assertThrows(NullPointerException.class, () -> stream.collect(toList()));
+    assertThat(thrown).hasMessageThat().contains("ITEM_UUID");
+  }
+
+  @Test public void paginateLazily_explicitBacktickQuote() throws Exception {
+    ZonedDateTime barTime = ZonedDateTime.of(2024, 11, 1, 10, 20, 30, 0, ZoneId.of("UTC"));
+    assertThat(
+            SafeSql.of("insert into ITEMS(id, title, time) VALUES({id}, {title}, {time})", testId(), "bar", barTime)
+                .update(connection()))
+        .isEqualTo(1);
+    assertThat(
+            SafeSql.of("insert into ITEMS(id, title, time) VALUES({id}, {title}, {time})", testId() + 1, "bar", barTime.plusSeconds(1))
+                .update(connection()))
+        .isEqualTo(1);
+    assertThat(
+          SafeSql.of("insert into ITEMS(id, title, time) VALUES({id}, {title}, {time})", testId() + 2, "baz", barTime)
+              .update(connection()))
+      .isEqualTo(1);
+    Stream<List<Item>> stream =
+        SafeSql.of(
+                "select ID, TIME, TITLE from ITEMS where ID between {from} and {to} ORDER BY ID",
+                /* from */ testId(), /* to */ testId() + 2)
+            .paginateLazily(connection(), asList("`title`", "`time` desc", "`id`"), 2, Item.class);
+    assertThat(stream.collect(toList()))
+        .containsExactly(
+            asList(new Item(testId() + 1, "bar", barTime.toInstant().plusSeconds(1)), new Item(testId(), "bar", barTime.toInstant())),
+            asList(new Item(testId() + 2, "baz", barTime.toInstant())));
+  }
+
   static class Item {
     private final int id;
     private final String title;