Bug#16820562 Bad column names are not rejected at 'prepare', only at 'execute'

roylyseng · roylyseng · commit fcc914f53f89 · 2014-01-02T14:31:30.000+01:00
Based on a patch by Prabakaran Thirumalai.

INSERT...SELECT statement reports non-existing column names during
execution phase rather than in the preparation phase, whereas
INSERT...VALUES reports these issues during preparation phase.

The function mysql_prepare_insert() resolves columns and values for
ON DUPLICATE KEY UPDATE only when VALUES clause is present.
With SELECT, these lists are resolved by select_insert::prepare(), but this
function is not called during statement preparation, only during execution.

Fixed by letting mysql_prepare_insert() resolve these lists during
preparation. An unfortunate effect of this is that some resolver actions
for INSERT statements are now done at three different places.
We hope to be able to refactor this code later so that the lists can be
resolved at a single place.
diff --git a/mysql-test/r/insert.result b/mysql-test/r/insert.result
@@ -306,7 +306,6 @@ insert into t1 SET a=1, b=a+1;
 insert into t1 (a,b) select 1,2;
 INSERT INTO t1 ( a ) SELECT 0 ON DUPLICATE KEY UPDATE a = a + VALUES (a);
 prepare stmt1 from ' replace into t1 (a,a) select 100, ''hundred'' ';
-execute stmt1;
 ERROR 42000: Column 'a' specified twice
 insert into t1 (a,b,b) values (1,1,1);
 ERROR 42000: Column 'b' specified twice
diff --git a/mysql-test/r/ps.result b/mysql-test/r/ps.result
@@ -1731,17 +1731,9 @@ drop tables if exists t1;
 create table t1 (id int primary key auto_increment, value varchar(10));
 insert into t1 (id, value) values (1, 'FIRST'), (2, 'SECOND'), (3, 'THIRD');
 prepare stmt from "insert into t1 (id, value) select * from (select 4 as i, 'FOURTH' as v) as y on duplicate key update v = 'DUP'";
-execute stmt;
-ERROR 42S22: Unknown column 'v' in 'field list'
-execute stmt;
 ERROR 42S22: Unknown column 'v' in 'field list'
-deallocate prepare stmt;
 prepare stmt from "insert into t1 (id, value) select * from (select 4 as id, 'FOURTH' as value) as y on duplicate key update y.value = 'DUP'";
-execute stmt;
 ERROR 42S22: Unknown column 'y.value' in 'field list'
-execute stmt;
-ERROR 42S22: Unknown column 'y.value' in 'field list'
-deallocate prepare stmt;
 drop tables t1;
 prepare stmt from "create table t1 select ?";
 set @a=1.0;
@@ -3937,3 +3929,21 @@ field1
 150
 DEALLOCATE PREPARE stmt;
 DROP TABLE t1, t2;
+#
+# Bug#16820562: Bad column names are not rejected at 'prepare'
+#
+Resolver errors should be given at prepare time in insert select
+CREATE TABLE t1 (a INTEGER);
+PREPARE s FROM "INSERT INTO t1 VALUES(1) ON DUPLICATE KEY UPDATE absent=2";
+ERROR 42S22: Unknown column 'absent' in 'field list'
+PREPARE s FROM "INSERT INTO t1 VALUES(1) ON DUPLICATE KEY UPDATE a=absent";
+ERROR 42S22: Unknown column 'absent' in 'field list'
+PREPARE s FROM "INSERT INTO t1 SELECT 1 ON DUPLICATE KEY UPDATE absent=2";
+ERROR 42S22: Unknown column 'absent' in 'field list'
+PREPARE s FROM "INSERT INTO t1 SELECT 1 ON DUPLICATE KEY UPDATE a=absent";
+ERROR 42S22: Unknown column 'absent' in 'field list'
+PREPARE s FROM "INSERT INTO t1(absent) VALUES(1) ON DUPLICATE KEY UPDATE a=1";
+ERROR 42S22: Unknown column 'absent' in 'field list'
+PREPARE s FROM "INSERT INTO t1(absent) SELECT 1 ON DUPLICATE KEY UPDATE a=1";
+ERROR 42S22: Unknown column 'absent' in 'field list'
+DROP TABLE t1;
diff --git a/mysql-test/t/insert.test b/mysql-test/t/insert.test
@@ -188,9 +188,8 @@ insert into t1 (a,b) values (a,b);
 insert into t1 SET a=1, b=a+1;
 insert into t1 (a,b) select 1,2;
 INSERT INTO t1 ( a ) SELECT 0 ON DUPLICATE KEY UPDATE a = a + VALUES (a);
-prepare stmt1 from ' replace into t1 (a,a) select 100, ''hundred'' ';
 --error 1110
-execute stmt1;
+prepare stmt1 from ' replace into t1 (a,a) select 100, ''hundred'' ';
 --error 1110
 insert into t1 (a,b,b) values (1,1,1);
 --error 1136
diff --git a/mysql-test/t/ps.test b/mysql-test/t/ps.test
@@ -1798,24 +1798,17 @@ set @@character_set_server= @old_character_set_server;
 drop tables if exists t1;
 create table t1 (id int primary key auto_increment, value varchar(10));
 insert into t1 (id, value) values (1, 'FIRST'), (2, 'SECOND'), (3, 'THIRD');
-# Let us prepare INSERT ... SELECT ... ON DUPLICATE KEY UPDATE statement
+# Prepare INSERT ... SELECT ... ON DUPLICATE KEY UPDATE statement
 # which in its ON DUPLICATE KEY clause erroneously tries to assign value
-# to a column which is mentioned only in SELECT part.
-prepare stmt from "insert into t1 (id, value) select * from (select 4 as i, 'FOURTH' as v) as y on duplicate key update v = 'DUP'";
-# Both first and second attempts to execute it should fail
---error ER_BAD_FIELD_ERROR 
-execute stmt;
+# to a column which is mentioned only in SELECT part. This is now caught
+# during preparation.
 --error ER_BAD_FIELD_ERROR
-execute stmt;
-deallocate prepare stmt;
+prepare stmt from "insert into t1 (id, value) select * from (select 4 as i, 'FOURTH' as v) as y on duplicate key update v = 'DUP'";
+#
 # And now the same test for more complex case which is more close
 # to the one that was reported originally.
-prepare stmt from "insert into t1 (id, value) select * from (select 4 as id, 'FOURTH' as value) as y on duplicate key update y.value = 'DUP'";
---error ER_BAD_FIELD_ERROR 
-execute stmt;
 --error ER_BAD_FIELD_ERROR
-execute stmt;
-deallocate prepare stmt;
+prepare stmt from "insert into t1 (id, value) select * from (select 4 as id, 'FOURTH' as value) as y on duplicate key update y.value = 'DUP'";
 drop tables t1;
 
 #
@@ -3486,4 +3479,26 @@ DEALLOCATE PREPARE stmt;
 
 DROP TABLE t1, t2;
 
-###########################################################################
+--echo #
+--echo # Bug#16820562: Bad column names are not rejected at 'prepare'
+--echo #
+
+--echo Resolver errors should be given at prepare time in insert select
+
+CREATE TABLE t1 (a INTEGER);
+
+--error ER_BAD_FIELD_ERROR
+PREPARE s FROM "INSERT INTO t1 VALUES(1) ON DUPLICATE KEY UPDATE absent=2";
+--error ER_BAD_FIELD_ERROR
+PREPARE s FROM "INSERT INTO t1 VALUES(1) ON DUPLICATE KEY UPDATE a=absent";
+--error ER_BAD_FIELD_ERROR
+PREPARE s FROM "INSERT INTO t1 SELECT 1 ON DUPLICATE KEY UPDATE absent=2";
+--error ER_BAD_FIELD_ERROR
+PREPARE s FROM "INSERT INTO t1 SELECT 1 ON DUPLICATE KEY UPDATE a=absent";
+
+--error ER_BAD_FIELD_ERROR
+PREPARE s FROM "INSERT INTO t1(absent) VALUES(1) ON DUPLICATE KEY UPDATE a=1";
+--error ER_BAD_FIELD_ERROR
+PREPARE s FROM "INSERT INTO t1(absent) SELECT 1 ON DUPLICATE KEY UPDATE a=1";
+
+DROP TABLE t1;
diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc
@@ -96,6 +96,7 @@ static bool check_view_single_update(List<Item> &fields, TABLE_LIST *view,
   @param table_list   The table for insert.
   @param fields       The insert fields.
   @param value_count  Number of values supplied
+                      = 0: INSERT ... SELECT, delay field count check
   @param check_unique If duplicate values should be rejected.
   @param[out] insert_table_ref resolved reference to base table
 
@@ -113,15 +114,15 @@ static bool check_insert_fields(THD *thd, TABLE_LIST *table_list,
 
   DBUG_ASSERT(table_list->updatable);
 
-  if (fields.elements == 0 && value_count != 0)
+  if (fields.elements == 0)
   {
     // No field list supplied, use field list of table being updated.
 
     DBUG_ASSERT(table);    // This branch is not reached with a view:
 
     *insert_table_ref= table_list;
 
-    if (value_count != table->s->fields)
+    if (value_count > 0 && value_count != table->s->fields)
     {
       my_error(ER_WRONG_VALUE_COUNT_ON_ROW, MYF(0), 1L);
       return true;
@@ -146,7 +147,7 @@ static bool check_insert_fields(THD *thd, TABLE_LIST *table_list,
     Name_resolution_context_state ctx_state;
     int res;
 
-    if (fields.elements != value_count)
+    if (value_count > 0 && fields.elements != value_count)
     {
       my_error(ER_WRONG_VALUE_COUNT_ON_ROW, MYF(0), 1L);
       return true;
@@ -1153,15 +1154,15 @@ bool mysql_prepare_insert(THD *thd, TABLE_LIST *table_list,
   if (mysql_prepare_insert_check_table(thd, table_list, fields, select_insert))
     DBUG_RETURN(true);
 
+  // Save the state of the current name resolution context.
+  ctx_state.save_state(context, table_list);
+
   // Prepare the lists of columns and values in the statement.
   if (values)
   {
-    /* if we have INSERT ... VALUES () we cannot have a GROUP BY clause */
+    // if we have INSERT ... VALUES () we cannot have a GROUP BY clause
     DBUG_ASSERT (!select_lex->group_list.elements);
 
-    /* Save the state of the current name resolution context. */
-    ctx_state.save_state(context, table_list);
-
     /*
       Perform name resolution only in the first table - 'table_list',
       which is the table that is inserted into.
@@ -1192,18 +1193,73 @@ bool mysql_prepare_insert(THD *thd, TABLE_LIST *table_list,
     if (!res && duplic == DUP_UPDATE)
     {
       select_lex->no_wrap_view_item= true;
-      // Setup the fields to be modified
+      // Resolve the columns that will be updated
       res= setup_fields(thd, Ref_ptr_array(),
                         update_fields, MARK_COLUMNS_WRITE, 0, 0);
       select_lex->no_wrap_view_item= false;
       if (!res)
         res= check_valid_table_refs(table_list, update_fields, map);
     }
+  }
+  else if (thd->stmt_arena->is_stmt_prepare())
+  {
+    /*
+      This section of code is more or less a duplicate of the code  in
+      select_insert::prepare, and the 'if' branch above.
+      @todo Consolidate these three sections into one.
+    */
+    /*
+      Perform name resolution only in the first table - 'table_list',
+      which is the table that is inserted into.
+     */
+    table_list->next_local= NULL;
+    thd->dup_field= NULL;
+    context->resolve_in_table_list_only(table_list);
 
-    /* Restore the current context. */
-    ctx_state.restore_state(context, table_list);
+    res= check_insert_fields(thd, context->table_list, fields, 0,
+                             !insert_into_view, insert_table_ref);
+    table_map map= 0;
+    if (!res)
+      map= (*insert_table_ref)->table->map;
+
+    if (!res && duplic == DUP_UPDATE)
+    {
+      select_lex->no_wrap_view_item= true;
+
+      // Resolve the columns that will be updated
+      res= setup_fields(thd, Ref_ptr_array(),
+                        update_fields, MARK_COLUMNS_WRITE, 0, 0);
+      select_lex->no_wrap_view_item= false;
+      if (!res)
+        res= check_valid_table_refs(table_list, update_fields, map);
+
+      DBUG_ASSERT(!table_list->next_name_resolution_table);
+      if (select_lex->group_list.elements == 0 && !select_lex->with_sum_func)
+      {
+        /*
+          There are two separata name resolution contexts:
+          the INSERT table and the tables in the SELECT expression 
+          Make a single context out of them by concatenating the lists:
+        */  
+        table_list->next_name_resolution_table= 
+          ctx_state.get_first_name_resolution_table();
+      }
+      thd->lex->in_update_value_clause= true;
+      if (!res)
+        res= setup_fields(thd, Ref_ptr_array(), update_values,
+                          MARK_COLUMNS_READ, 0, 0);
+      thd->lex->in_update_value_clause= false;
+
+      /*
+        Notice that there is no need to apply the Item::update_value_transformer
+        here, as this will be done during EXECUTE in select_insert::prepare().
+      */
+    }
   }
 
+  // Restore the current name resolution context
+  ctx_state.restore_state(context, table_list);
+
   if (res)
     DBUG_RETURN(res);
 
