|
| 1 | += jdp-2026-03: JDBC escape disabled processing |
| 2 | + |
| 3 | +// SPDX-FileCopyrightText: Copyright 2026 Mark Rotteveel |
| 4 | +// SPDX-License-Identifier: LicenseRef-PDL-1.0 |
| 5 | + |
| 6 | +== Status |
| 7 | + |
| 8 | +* Draft |
| 9 | +* Proposed for: Jaybird 5.0.12, Jaybird 6.0.5, Jaybird 7 |
| 10 | + |
| 11 | +== Type |
| 12 | + |
| 13 | +* Feature-Specification |
| 14 | + |
| 15 | +== Context |
| 16 | + |
| 17 | +JDBC 4.5, to be introduced with Java 26, features a new JDBC escape which can be used to selectively disable other JDBC escape processing and parameter parsing. |
| 18 | +For details, see also chapter 6 in https://jcp.org/aboutJava/communityprocess/maintenance/jsr221/JDBC4.5MR-November_2025.pdf[JDBC 4.5 List of proposed changes]. |
| 19 | + |
| 20 | +Unfortunately, the proposed syntax for this escape has an ambiguity, and discussion with the JDBC spec lead and others did not resolve that ambiguity. |
| 21 | +This design proposal serves to document our interpretation of the "`escape disabled`" escape, identify the ambiguity, and document our decision how to handle it. |
| 22 | + |
| 23 | +=== The "`escape disabled`" escape |
| 24 | + |
| 25 | +The "`escape disabled`" escape (referred to below as "`the escape`") starts with `++{\++` and ends with `++\}++`. |
| 26 | +As a Java literal, it's `"++{\\ \\}++"`. |
| 27 | + |
| 28 | +Within the escape: |
| 29 | + |
| 30 | +* Other JDBC escapes are to be ignored (i.e. added to the resulting statement text without processing). |
| 31 | +* For drivers that need it, processing/transformation of parameter placeholders (`?`) should not be performed (i.e. the question mark should remain a question mark n the resulting statement text). |
| 32 | +* Any occurrence of `\` (backslash) that are not part of the end of the escape must be escaped by doubling, even in comments, literals and delimited identifiers. |
| 33 | ++ |
| 34 | +See also the examples (sometimes badly formatted) in chapter 6 of https://jcp.org/aboutJava/communityprocess/maintenance/jsr221/JDBC4.5MR-November_2025.pdf[JDBC 4.5 List of proposed changes]. |
| 35 | + |
| 36 | +The fact the backslash must be escaped everywhere inside the escape, except for the end of escape marker gives rise to the ambiguity as we see it. |
| 37 | +Other JDBC escapes are not processed inside comments, literals, and identifiers. |
| 38 | +The presence of `++\}++` ends the escape, and that -- in our opinion -- means that it's unescaped presence inside a comment, literal or delimited identifier would also end the escape. |
| 39 | +Otherwise, it shouldn't be necessary to escape the backslash inside comments, literals. and identifiers, and the proposed change explicitly shows it must be escaped everywhere. |
| 40 | + |
| 41 | +For example, the statement text `++{\'ends in \}literal'++`, this could be parsed in several ways: |
| 42 | + |
| 43 | +. Allow the escape to end inside the literal: ``'ends in literal'`` |
| 44 | +. Raise an error (e.g. "`unescaped backslash: end of escape disabled (++\}++) not allowed in literal`") |
| 45 | +. Ignore the escape end marker inside the literal and process it as if the backslash was escaped. |
| 46 | +This will either |
| 47 | +.. Raise an error (e.g. "`unexpected end of input before end of escape`") if there is no `++\}++` later in the statement text to actually end the escape |
| 48 | +.. Produce statement text `++'end in \} literal'++` |
| 49 | +. Interpret the `\` to escape the end-brace: `++'end in } literal'++` |
| 50 | + |
| 51 | +The third option goes directly against the requirement that backslashes must be escaped. |
| 52 | +The fourth option invents a parser rule that is not defined in the specification, and would be inconsistent with handling outside of comments, literals, and identifiers. |
| 53 | + |
| 54 | +That leaves options one and two. |
| 55 | +Option one seems to be the most literal interpretation of the specification, but option two seems to match closer with behaviour of other JDBC escapes, and probably has the least unexpected consequences. |
| 56 | + |
| 57 | +[#decision] |
| 58 | +== Decision |
| 59 | + |
| 60 | +We choose option two, raising an error if the escape ends within a comment, literal, or identifier. |
| 61 | +It will be less confusing, and it prevents unexpected problems, especially with literals containing values the developer did not intend. |
| 62 | + |
| 63 | +The documentation in release notes and the Jaybird manual will contain a warning about the ambiguity and recommendations how to avoid it. |
| 64 | + |
| 65 | +If consensus is reached at a later date, either in the JDBC Expert Group, or from common implementation in other drivers, we will reconsider the decision as documented here. |
| 66 | + |
| 67 | +== Consequences |
| 68 | + |
| 69 | +See <<#decision>>. |
| 70 | + |
| 71 | +[appendix] |
| 72 | +== License Notice |
| 73 | + |
| 74 | +The contents of this Documentation are subject to the Public Documentation License Version 1.0 (the “License”); |
| 75 | +you may only use this Documentation if you comply with the terms of this License. |
| 76 | +A copy of the License is available at https://firebirdsql.org/en/public-documentation-license/. |
| 77 | + |
| 78 | +The Original Documentation is "`jdp-2026-03: JDBC escape disabled processing". |
| 79 | +The Initial Writer of the Original Documentation is Mark Rotteveel, Copyright © 2026. |
| 80 | +All Rights Reserved. |
| 81 | +(Initial Writer contact(s): mark (at) lawinegevaar (dot) nl). |
| 82 | + |
| 83 | +//// |
| 84 | +Contributor(s): ______________________________________. |
| 85 | +Portions created by ______ are Copyright © _________ [Insert year(s)]. |
| 86 | +All Rights Reserved. |
| 87 | +(Contributor contact(s): ________________ [Insert hyperlink/alias]). |
| 88 | +//// |
| 89 | + |
| 90 | +The exact file history is recorded in our Git repository; |
| 91 | +see https://github.com/FirebirdSQL/jaybird |
0 commit comments