From 933e22320d8480072106cd6388418f13a8bdf855 Mon Sep 17 00:00:00 2001
From: Thomas Risberg
Date: Sat, 8 Oct 2011 12:10:56 +0000
Subject: [PATCH] SPR-7476 Improving named parameter parsing skipping escaped colons like '\:' and allowing for delimiting parameter names with curly brackets like :{p1}
---
 .../jdbc/core/namedparam/NamedParameterUtils.java | 6 ++++++
 .../jdbc/core/namedparam/NamedParameterUtilsTests.java | 4 ++++
 2 files changed, 10 insertions(+)
diff --git a/org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java b/org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
index 07e1ad5942..c8ddc4c5bd 100644
--- a/org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
+++ b/org.springframework.jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java
@@ -105,6 +105,12 @@ public abstract class NamedParameterUtils {
 // :{x} style parameter
 while (j < statement.length && !('}' == statement[j])) {
 j++;
+if (':' == statement[j] || '{' == statement[j] || isParameterSeparator(statement[j])) {
+throw new InvalidDataAccessApiUsageException("Parameter name contains invalid character '" + statement[j] + "' at position " + i + " in statement " + sql);
+}
+}
+if (j >= statement.length) {
+throw new InvalidDataAccessApiUsageException("Non-terminated named parameter declaration at position " + i + " in statement " + sql);
 }
 if (j - i > 3) {
 parameter = sql.substring(i + 2, j);
diff --git a/org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java b/org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
index c5f14ac6f8..ed4c54e0ee 100644
--- a/org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
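Review bot: The first added line reads `statement[j]` immediately after the `j++` in the preceding context line without re-checking the bound, so a statement that ends in an unterminated `:{name` throws ArrayIndexOutOfBoundsException from inside the loop before either the `while` condition or the new "Non-terminated named parameter declaration" check can run; that check is reachable only when the loop is never entered. Guarding the read keeps the intended InvalidDataAccessApiUsageException: `if (j < statement.length && (':' == statement[j] || '{' == statement[j] || isParameterSeparator(statement[j]))) {`. Because the character is inspected only after the increment, the character at the loop's starting index is never validated, which may skip the first character of the name if j already points past the `{` when the loop begins; the initialization of j is outside the hunk, so this is worth confirming with a test such as `:{:x}`. The enclosing method starts and ends outside the hunk.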
+++ b/org.springframework.jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java
@@ -194,6 +194,8 @@ public class NamedParameterUtilsTests {
 ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
 assertEquals(2, parsedSql.getParameterNames().size());
+assertEquals("p1", parsedSql.getParameterNames().get(0));
+assertEquals("p2", parsedSql.getParameterNames().get(1));
 String finalSql = NamedParameterUtils.substituteNamedParameters(parsedSql, null);
 assertEquals(expectedSql, finalSql);
 }
@@ -208,6 +210,8 @@ public class NamedParameterUtilsTests {
 ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
 assertEquals(2, parsedSql.getParameterNames().size());
+assertEquals("p1", parsedSql.getParameterNames().get(0));
+assertEquals("p2", parsedSql.getParameterNames().get(1));
 String finalSql = NamedParameterUtils.substituteNamedParameters(parsedSql, null);
 assertEquals(expectedSql, finalSql);
 }