From c7d403a37a128915462e3fd5c4c5bd57ec501759 Mon Sep 17 00:00:00 2001
From: Mark Paluch <mpaluch@vmware.com>
Date: Fri, 25 Aug 2023 09:31:30 +0200
Subject: [PATCH] Correctly validate mixed parameter bind marker usage.

We now inspect individual parameters instead of the resulting query whether the query contains JDBC-style bind markers. Previously, we inspected the final (rewritten) query which might have contained question marks in literals leading to improper validation failures.

Closes #3125
---
 .../jpa/repository/query/StringQuery.java     | 23 +++++++++++--------
 .../query/StringQueryUnitTests.java           | 14 ++++++++++-
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/StringQuery.java b/spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/StringQuery.java
index 2f4a94844c..afa68ff51c 100644
--- a/spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/StringQuery.java
+++ b/spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/StringQuery.java
@@ -244,13 +244,6 @@ private String parseParameterBindingsOfQueryIntoBindingsAndReturnCleanedQuery(St
 			int currentIndex = 0;
 
 			boolean usesJpaStyleParameters = false;
-			if (JDBC_STYLE_PARAM.matcher(resultingQuery).find()) {
-				queryMeta.usesJdbcStyleParameters = true;
-			}
-
-			if (NUMBERED_STYLE_PARAM.matcher(resultingQuery).find() || NAMED_STYLE_PARAM.matcher(resultingQuery).find()) {
-				usesJpaStyleParameters = true;
-			}
 
 			while (matcher.find()) {
 
@@ -262,6 +255,19 @@ private String parseParameterBindingsOfQueryIntoBindingsAndReturnCleanedQuery(St
 				String parameterName = parameterIndexString != null ? null : matcher.group(NAMED_PARAMETER_GROUP);
 				Integer parameterIndex = getParameterIndex(parameterIndexString);
 
+				String match = matcher.group(0);
+				if (JDBC_STYLE_PARAM.matcher(match).find()) {
+					queryMeta.usesJdbcStyleParameters = true;
+				}
+
+				if (NUMBERED_STYLE_PARAM.matcher(match).find() || NAMED_STYLE_PARAM.matcher(match).find()) {
+					usesJpaStyleParameters = true;
+				}
+
+				if (usesJpaStyleParameters && queryMeta.usesJdbcStyleParameters) {
+					throw new IllegalArgumentException("Mixing of ? parameters and other forms like ?1 is not supported");
+				}
+
 				String typeSource = matcher.group(COMPARISION_TYPE_GROUP);
 				Assert.isTrue(parameterIndexString != null || parameterName != null,
 						() -> String.format("We need either a name or an index; Offending query string: %s", query));
@@ -273,9 +279,6 @@ private String parseParameterBindingsOfQueryIntoBindingsAndReturnCleanedQuery(St
 					parameterIndex = expressionParameterIndex;
 				}
 
-				if (usesJpaStyleParameters && queryMeta.usesJdbcStyleParameters) {
-					throw new IllegalArgumentException("Mixing of ? parameters and other forms like ?1 is not supported");
-				}
 
 				BindingIdentifier queryParameter;
 				if (parameterIndex != null) {
diff --git a/spring-data-jpa/src/test/java/org/springframework/data/jpa/repository/query/StringQueryUnitTests.java b/spring-data-jpa/src/test/java/org/springframework/data/jpa/repository/query/StringQueryUnitTests.java
index 13ea4ca311..7f0f81061b 100644
--- a/spring-data-jpa/src/test/java/org/springframework/data/jpa/repository/query/StringQueryUnitTests.java
+++ b/spring-data-jpa/src/test/java/org/springframework/data/jpa/repository/query/StringQueryUnitTests.java
@@ -629,7 +629,7 @@ void questionMarkInStringLiteral() {
 		assertThat(query.getQueryString()).isEqualTo(queryString);
 		assertThat(query.hasParameterBindings()).isFalse();
 		assertThat(query.getParameterBindings()).isEmpty();
-
+		assertThat(query.usesJdbcStyleParameters()).isFalse();
 	}
 
 	@Test // DATAJPA-1318
@@ -667,6 +667,18 @@ void isNotDefaultProjection() {
 		}
 	}
 
+	@Test // GH-3125
+	void questionMarkInStringLiteralWithParameters() {
+
+		String queryString = "SELECT CAST(REGEXP_SUBSTR(itp.template_as_txt, '(?<=templateId\\\\\\\\=)(\\\\\\\\d+)(?:\\\\\\\\R)') AS INT) AS templateId FROM foo itp WHERE bar = ?1 AND baz = 1";
+		StringQuery query = new StringQuery(queryString, false);
+
+		assertThat(query.getQueryString()).isEqualTo(queryString);
+		assertThat(query.hasParameterBindings()).isTrue();
+		assertThat(query.getParameterBindings()).hasSize(1);
+		assertThat(query.usesJdbcStyleParameters()).isFalse();
+	}
+
 	@Test // DATAJPA-1652
 	void usingPipesWithNamedParameter() {