Raise exceptions when strings and identifiers are not terminated.

Author: anthony-tuininga

doc/src/release_notes.rst

@@ -30,6 +30,11 @@ Common Changes
     :meth:`Cursor.setinputsizes()` with at least one of the values supplied as
     ``None``
     (`issue 217 <https://github.com/oracle/python-oracledb/issues/217>`__).
+#)  SQL statement parsing now raises ``DPY-2041: missing ending quote (') in
+    string`` or ``DPY-2042: missing ending quote (") in identifier`` for
+    statements with the noted invalid syntax.  Previously, thick mode gave
+    ``ORA-1756`` or ``ORA-1740``, respectively, while thin mode did not throw
+    an error.
 
 
 oracledb 1.4.0 (August 2023)

src/oracledb/errors.py

@@ -188,6 +188,8 @@ def _raise_from_string(exc_type: Exception, message: str) -> None:
 ERR_INVALID_COLL_INDEX_GET = 2038
 ERR_INVALID_COLL_INDEX_SET = 2039
 ERR_EXECUTE_MODE_ONLY_FOR_DML = 2040
+ERR_MISSING_QUOTE_IN_STRING = 2041
+ERR_MISSING_QUOTE_IN_IDENTIFIER = 2042
 
 # error numbers that result in NotSupportedError
 ERR_TIME_NOT_SUPPORTED = 3000
@@ -267,6 +269,8 @@ def _raise_from_string(exc_type: Exception, message: str) -> None:
     28: ERR_CONNECTION_CLOSED,
     600: ERR_CONNECTION_CLOSED,
     1005: ERR_NO_CREDENTIALS,
+    1740: ERR_MISSING_QUOTE_IN_IDENTIFIER,
+    1756: ERR_MISSING_QUOTE_IN_STRING,
     22165: (ERR_INVALID_COLL_INDEX_SET,
             r'index \[(?P<index>\d+)\] must be in the range of '
             r'\[(?P<min_index>\d+)\] to \[(?P<max_index>\d+)\]'),
@@ -428,6 +432,10 @@ def _raise_from_string(exc_type: Exception, message: str) -> None:
     ERR_MISSING_BIND_VALUE:
             'a bind variable replacement value for placeholder ":{name}" was '
             'not provided',
+    ERR_MISSING_QUOTE_IN_IDENTIFIER:
+            'missing ending quote (") in identifier',
+    ERR_MISSING_QUOTE_IN_STRING:
+            "missing ending quote (') in string",
     ERR_MISSING_TYPE_NAME_FOR_OBJECT_VAR:
             'no object type specified for object variable',
     ERR_MIXED_ELEMENT_TYPES:

src/oracledb/impl/thin/statement.pyx

@@ -174,10 +174,11 @@ cdef class Parser:
                 exiting_qstring = True
             elif exiting_qstring:
                 if ch == "'":
-                    break
+                    return 0
                 elif ch != sep:
                     exiting_qstring = False
             self.pos += 1
+        errors._raise_err(errors.ERR_MISSING_QUOTE_IN_STRING)
 
     cdef int _parse_quoted_string(self, Py_UCS4 sep) except -1:
         """
@@ -189,8 +190,12 @@ cdef class Parser:
         while self.pos <= self.max_pos:
             ch = cpython.PyUnicode_READ(self.sql_kind, self.sql_data, self.pos)
             if ch == sep:
-                break
+                return 0
             self.pos += 1
+        if sep == "'":
+            errors._raise_err(errors.ERR_MISSING_QUOTE_IN_STRING)
+        else:
+            errors._raise_err(errors.ERR_MISSING_QUOTE_IN_IDENTIFIER)
 
     cdef int _parse_single_line_comment(self) except -1:
         """

tests/test_3900_cursor_execute.py

@@ -87,9 +87,8 @@ def test_3906_execute_and_modify_array_size(self):
     def test_3907_bad_execute(self):
         "3907 - test that subsequent executes succeed after bad execute"
         sql = "begin raise_application_error(-20000, 'this); end;"
-        self.assertRaisesRegex(oracledb.DatabaseError,
-                               "^ORA-06550:|^ORA-01756:", self.cursor.execute,
-                               sql)
+        self.assertRaisesRegex(oracledb.DatabaseError, "^DPY-2041:",
+                               self.cursor.execute, sql)
         self.cursor.execute("begin null; end;")
 
     def test_3908_fetch_after_bad_execute(self):