Project

General

Profile

Bug #2756

Single quote characters from data are not escaped when performing inserts

Added by Chad Burt almost 12 years ago. Updated almost 9 years ago.

Status:
New
Priority:
Normal
Assignee:
Category:
datamanager
Target version:
Start date:
02/01/2007
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
2756

Description

recieved this error:
DatabaseLoader.run(): Error message: ERROR: syntax error at or near "only"
regarding this line:
INSERT into ... calm','"adrift; CTD dropped to 100' only; slight breeze"'

It seems that if a single quote is present within the data being entered it is not escaped. On this line "only" is seen as a postgres command since "100'" came before it.

History

#1 Updated by ben leinfelder almost 9 years ago

We should be escaping the special characters in any value using backslash.
Not sure this is currently going through the DatabaseAdaptor classes like the table and column names are...but that'd be the best approach so that different RDBMS can use their particular escape strategy.

#2 Updated by Redmine Admin over 5 years ago

Original Bugzilla ID was 2756

Also available in: Atom PDF