parse_named_params is case sensitive and fails with upper case #99

Open
Zomtir opened this issue Aug 19, 2023 · 1 comment

Zomtir commented Aug 19, 2023

If you use named parameters with upper case letters, the function parse_named_params returns an incorrect SQL query.

Demonstration:

let query = "INSERT INTO users (user_key, userName, userpassword) VALUES (:user_key, :userName, :userpassword);";

let (named_params, real_query) = mysql_common::named_params::parse_named_params(query.as_bytes()).unwrap();

println!("Real Query: {}", std::str::from_utf8(real_query.borrow()).unwrap());
println!("Named Param Size: {}", named_params.unwrap().len());

It returns

Real Query: INSERT INTO users (user_key, userName, userpassword) VALUES (?, ?Name, ?);
Named Param Size: 3

It should return

Real Query: INSERT INTO users (user_key, userName, userpassword) VALUES (?, ?, ?);
Named Param Size: 3

As soon as the N from userName starts, the parser stops reading the named parameter.

Case sensitivity barely matters for the SQL query. The MariaDB column names are case insensitive as well. An easy workaround is to just not use upper case letters and you can still use the same string for the column name and the named parameter.

One proposed fix would be to ensure that named parameters cannot contain invalid characters. The other fix would be to parse the query correctly even if the named parameters have upper case letters.

@blackbeam
Owner

Hi. The problem is that named parameters syntax is described elsewhere so this leads to confusion - see here https://docs.rs/mysql/latest/mysql/#named-parameters

I'll update the docs, but leave this open to implement better error reporting in the future.
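
Added example, not part of the issue thread and not mysql_common's code: a simplified placeholder scanner that reproduces the silent truncation reported above and, in a strict mode, rejects the query instead of emitting a mangled one. The function `rewrite`, its `strict` flag and the lowercase-only name rule are assumptions inferred from the output shown in the report.

```rust
// Added example: a simplified scanner, not mysql_common's own parser.
// Assumed rule: a name starts with `_` or a-z and continues with `_`, a-z, 0-9.
// SQL string literals and comments are not handled here.
fn is_start(b: u8) -> bool {
    b == b'_' || b.is_ascii_lowercase()
}

fn is_cont(b: u8) -> bool {
    is_start(b) || b.is_ascii_digit()
}

/// Rewrites `:name` placeholders to `?` and returns (names, rewritten query).
/// With `strict`, a name that runs straight into another letter (the `N` in
/// `:userName`) is an error instead of being silently cut short.
pub fn rewrite(query: &str, strict: bool) -> Result<(Vec<String>, String), String> {
    let bytes = query.as_bytes();
    let mut names: Vec<String> = Vec::new();
    let mut out: Vec<u8> = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == b':' && i + 1 < bytes.len() && is_start(bytes[i + 1]) {
            let start = i + 1;
            let mut end = start;
            while end < bytes.len() && is_cont(bytes[end]) {
                end += 1;
            }
            if strict && end < bytes.len() && bytes[end].is_ascii_alphanumeric() {
                let bad = bytes[end] as char;
                return Err(format!("named parameter at byte {}: invalid character {:?}", i, bad));
            }
            names.push(query[start..end].to_string());
            out.push(b'?');
            i = end;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    // Only ASCII spans were replaced, so the output is still valid UTF-8.
    Ok((names, String::from_utf8(out).map_err(|e| e.to_string())?))
}

fn main() {
    // The query from the issue report above.
    let q = "INSERT INTO users (user_key, userName, userpassword) VALUES (:user_key, :userName, :userpassword);";
    println!("lenient: {:?}", rewrite(q, false));
    println!("strict:  {:?}", rewrite(q, true));
}
```

In lenient mode the second parameter is recorded as `user`, so a caller binding a value under the key `userName` would not match it; strict mode surfaces that mismatch before the statement reaches the server.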
