Project

General

Profile

Actions
Copy link

Bug #2756

open

Single quote characters from data are not escaped when performing inserts

Added by Chad Burt almost 18 years ago. Updated almost 15 years ago.

Status:
New
Priority:
Normal
Assignee:
Jing Tao
Category:
datamanager
Target version:
Unspecified
Start date:
02/01/2007
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
2756

Description

recieved this error:
DatabaseLoader.run(): Error message: ERROR: syntax error at or near "only"
regarding this line:
INSERT into ... calm','"adrift; CTD dropped to 100' only; slight breeze"'

It seems that if a single quote is present within the data being entered it is not escaped. On this line "only" is seen as a postgres command since "100'" came before it.

Actions
Copy link
 #1

Updated by ben leinfelder almost 15 years ago

We should be escaping the special characters in any value using backslash.
Not sure this is currently going through the DatabaseAdaptor classes like the table and column names are...but that'd be the best approach so that different RDBMS can use their particular escape strategy.

Actions
Copy link
 #2

Updated by Redmine Admin over 11 years ago

Original Bugzilla ID was 2756

Actions
Copy link

Also available in: Atom PDF