[Geoserver-users] parametric SQL View with escaped viewparams and Oracle Data Source

GeoServer GeoServer User
1

Hello everyone!

When using a parametric SQL View and trying to escape the viewparams values with backslashes as described in http://docs.geoserver.org/stable/en/user/data/database/sqlview.html#using-a-parametric-sql-view it raises the following ServiceException:

java.lang.IllegalStateException: The specified String ends with an incomplete escape sequence.

When looking closer at the documentation and delimiting the String with “;” the log entry shows that a “;” is added at the end of the substituted parameter, thus resulting in an invalid SQL and in the following exception:

java.io.IOExceptionORA-00911: invalid character

Am I doing anything wrong here?

working:
[http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:NAME = ‘ABC Inc’](http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:NAME = ‘ABC Inc’)

not working:
[http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:\NAME = ‘ABC Inc’;](http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:\NAME = ‘ABC Inc’:wink:

Thanks a lot for any suggestions!

BR Paul

2

On Wed, Mar 11, 2015 at 5:45 PM, Paul Jereb <paul.jereb@anonymised.com>
wrote:

Hello everyone!

When using a parametric SQL View and trying to escape the viewparams
values with backslashes as described in
http://docs.geoserver.org/stable/en/user/data/database/sqlview.html#using-a-parametric-sql-view
it raises the following ServiceException:

*java.lang.IllegalStateException: The specified String ends with an
incomplete escape sequence.*

When looking closer at the documentation and delimiting the String with "
*\;*" the log entry shows that a "*;*" is added at the end of the
substituted parameter, thus resulting in an invalid SQL and in the
following exception:

*java.io.IOExceptionORA-00911: invalid character*

Am I doing anything wrong here?

working:
http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:NAME
= 'ABC Inc'
<http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:NAME%20=%20’ABC%20Inc’&gt;

not working:
http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:\\NAME
= 'ABC Inc'\;
<http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:\NAME%20=%20’ABC%20Inc’\;&gt;

I'm getting a bit confused here, you do have: viewparams=p_where:\NAME =
'ABC Inc'\;
That is, p_where is assigned the value \NAME = 'ABC Inc'\; or in other
terms, you have an
escaped capital N (which does not makes sense to me?) and a escaped ;,
which seems to be
correctly added to the output.

The escape char is applied only to the subsequent char, and it's needed
only for ; so "\;" becomes
";" in the query. The "\N" probably just becomes "N", but it seems you're
trying to escape a block
of chars, and that's not what escaping does...

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*

Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.

-------------------------------------------------------

3

Thank you Andrea!!!

You are completely right, I was thinking the whole value-part needs to be “escaped”.

Now what I wanted to do is working: viewparams=p_where:NAME IN (‘ABC Inc’,‘DEF Inc’)

BR Paul

···

On Wed, Mar 11, 2015 at 7:12 PM, Andrea Aime <andrea.aime@anonymised.com> wrote:

Ing. Paul Jereb BSc MSc (GIS)
blauorange.consulting GmbH

Opernring 16 | A-8010 Graz
T: +43 316 232 123 | F: +43 316 232 123-2
E: office@anonymised.com65… | W: http://blauorange.com/
FN 401966b | Landesgericht Graz

On Wed, Mar 11, 2015 at 5:45 PM, Paul Jereb <paul.jereb@anonymised.com> wrote:

Hello everyone!

When using a parametric SQL View and trying to escape the viewparams values with backslashes as described in http://docs.geoserver.org/stable/en/user/data/database/sqlview.html#using-a-parametric-sql-view it raises the following ServiceException:

java.lang.IllegalStateException: The specified String ends with an incomplete escape sequence.

When looking closer at the documentation and delimiting the String with “;” the log entry shows that a “;” is added at the end of the substituted parameter, thus resulting in an invalid SQL and in the following exception:

java.io.IOExceptionORA-00911: invalid character

Am I doing anything wrong here?

working:
http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:NAME = ‘ABC Inc’

not working:
http://localhost:8080/geoserver/myWorkspace/wms?service=WMS&version=1.1.0&request=GetMap&layers=myWorkspace:V_MAP_IR_COMPANIES&styles=&bbox=-180.0,-90.0,180.0,90.0&width=660&height=330&srs=EPSG:4326&format=image%2Fjpeg&viewparams=p_where:\NAME = ‘ABC Inc’;

I’m getting a bit confused here, you do have: viewparams=p_where:\NAME = ‘ABC Inc’;
That is, p_where is assigned the value \NAME = ‘ABC Inc’; or in other terms, you have an
escaped capital N (which does not makes sense to me?) and a escaped ;, which seems to be
correctly added to the output.

The escape char is applied only to the subsequent char, and it’s needed only for ; so “;” becomes
“;” in the query. The “\N” probably just becomes “N”, but it seems you’re trying to escape a block
of chars, and that’s not what escaping does…

Cheers
Andrea

==

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

==

Ing. Andrea Aime

@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

AVVERTENZE AI SENSI DEL D.Lgs. 196/2003

Le informazioni contenute in questo messaggio di posta elettronica e/o nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora riceviate questo messaggio senza esserne il destinatario, Vi preghiamo cortesemente di darcene notizia via e-mail e di procedere alla distruzione del messaggio stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso, divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od utilizzarlo per finalità diverse, costituisce comportamento contrario ai principi dettati dal D.Lgs. 196/2003.

The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.