[Devel] Single-quote escaping in unixodbc + now() vs. getdate() + openser crash in DB connection lost

Jerome Martin jmartin at longphone.fr
Mon Jan 15 17:19:17 CET 2007


Hello Daniel,


On Sun, 2007-01-14 at 21:32 +0200, Daniel-Constantin Mierla wrote:
> I just committed on the cvs an updated to unixodbc which escapes single 
> quotes, backslashes and NULL characters. Could you give it a try and let 
> me know if works? Long term solution would be to use prepare statements 
> APIs -- needs more investigation.

I just took a look at your code, but did not test it, because it won't
work. It is not as simple as that for single-quotes.

I even wonder if it is possible to do it cleanly in unixodbc module,
maybe this needs to be done directly in the DB adapter code or in the
other modules.

The outline is: in order to insert a literal single-quote in a
single-quote-delimited SQL statement, you need to double the literal
single-quote:

Let's say I know a place named "Joe's":
correct statement:   SELECT phone FROM myTable WHERE phone='Joe''s';
INCORRECT one:       SELECT phone FROM myTable WHERE phone='Joe\'s';

What do you think?

Regards,
Jerome Martin
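The escaping rule Jerome describes, shown as an added example against an in-memory SQLite database. This is not code from the thread or from the openser unixodbc module: SQLite is assumed here as a stand-in for whatever backend sits behind the ODBC driver (it follows the SQL standard, where backslash is not an escape character), and the table, column names, place and phone number are constructed. The last function shows the parameterized form Daniel mentions as the long-term solution, where the driver does the quoting and no escaping is needed.

```python
"""Standard-SQL single-quote escaping (double the quote) versus the
backslash form the thread calls incorrect, checked against SQLite."""
import sqlite3


def escape_sql_literal(value: str) -> str:
    """Wrap a string in single quotes for embedding in an SQL statement.

    Standard SQL represents a literal single quote inside a string by
    doubling it: Joe's  ->  'Joe''s'.  Backslash is not an escape
    character in standard SQL, so it is deliberately left untouched.
    """
    return "'" + value.replace("'", "''") + "'"


def backslash_escaped_literal(value: str) -> str:
    """The backslash form the thread labels INCORRECT: Joe's -> 'Joe\\'s'."""
    return "'" + value.replace("'", "\\'") + "'"


def _fresh_db() -> sqlite3.Connection:
    # Constructed sample data (assumed, not taken from the thread).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myTable (place TEXT, phone TEXT)")
    conn.execute("INSERT INTO myTable VALUES (?, ?)", ("Joe's", "555-0100"))
    return conn


def lookup_with_literal(literal: str):
    """Run the SELECT with a caller-built quoted literal spliced into the
    statement text.  Returns the phone, None if no row, or the error text
    the database raised when the literal broke the statement."""
    conn = _fresh_db()
    try:
        row = conn.execute(
            f"SELECT phone FROM myTable WHERE place={literal}"
        ).fetchone()
        return row[0] if row else None
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"
    finally:
        conn.close()


def lookup_with_parameter(place: str):
    """Prepared-statement style: the value never enters the statement text,
    so no quoting rule has to be reproduced by hand."""
    conn = _fresh_db()
    try:
        row = conn.execute(
            "SELECT phone FROM myTable WHERE place=?", (place,)
        ).fetchone()
        return row[0] if row else None
    finally:
        conn.close()


if __name__ == "__main__":
    print(escape_sql_literal("Joe's"))                              # 'Joe''s'
    print(lookup_with_literal(escape_sql_literal("Joe's")))         # 555-0100
    print(lookup_with_literal(backslash_escaped_literal("Joe's")))  # error: ...
    print(lookup_with_parameter("Joe's"))                           # 555-0100
```

With the backslash form, the parser closes the string at the first quote (the backslash is just a character inside it), then meets a dangling identifier and an unterminated quote, so the statement is rejected instead of matching "Joe's".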
