Skip to content

Escaping single quote #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
rkt2spc opened this issue Nov 15, 2018 · 6 comments
Closed

Escaping single quote #36

rkt2spc opened this issue Nov 15, 2018 · 6 comments
Labels
invalid

Comments

@rkt2spc
Copy link

rkt2spc commented Nov 15, 2018
edited
Loading

Currently, sqlstring.escape("jo'hn") results in 'jo\\'hn' which is not the correct escape for single quote, the correct escape for single quote should be 2 single quote next to each other and the correct end result is 'jo''hn'
@dougwilson
Copy link
Member

Both are correct. https://dev.mysql.com/doc/refman/8.0/en/string-literals.html

@rkt2spc
Copy link
Author

rkt2spc commented Nov 15, 2018

@dougwilson Then it should be escaped with 1 slash, not 2 slashes, right?
'jo\\'hn' vs 'jo\'hn'

@dougwilson
Copy link
Member

It only escapes with one slash. How are you converting the string to see the output? For example if you're using console.dir(str), then node.js is adding that extra \ in the output format.

@dougwilson
Copy link
Member

dougwilson commented Nov 15, 2018
edited
Loading 

$ node
> console.log(require("sqlstring").escape("jo'hn"))
'jo\'hn'

@rkt2spc
Copy link
Author

rkt2spc commented Nov 15, 2018

You're correct, I tested it on Runkit, https://npm.runkit.com/sqlstring and I was fooled

@dougwilson
Copy link
Member

Ah, I see what you mean. Looks like they echo it out passing through like JSON.stringify or something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dougwilson @rkt2spc