Single quotes in string data values should be escaped by doubling the…

…m up (i.e. a sequence of two single-quote characters) instead of preceding them with a backslash character. The backslash was non-standard SQL but worked in Postgresql 8.x. Postgresql 9.x now standardizes this so the sequence of two single-quote characters should be used instead.
NCEAS · Jan 21, 2015 · 2cf7da5 · 2cf7da5
1 parent 4524cfc
commit 2cf7da5
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/src/main/java/org/ecoinformatics/datamanager/database/DatabaseAdapter.java b/src/main/java/org/ecoinformatics/datamanager/database/DatabaseAdapter.java
@@ -681,13 +681,17 @@ public String transformSelectionSQL(String ANSISQL) {
   /*
    * This method will escape special character, e.g. single quote ('), in the string data 
    * value. If the string has a single quote without escape, it will cause a problem.
-   * For example: insert into table (comment) values ('here's it') will cause a problem.
-   * However, insert into table (comment) values ('here\'s it') will be fine.
+   * The standard SQL syntax for escaping a single quote is to double it up.
+   * For example: 
+   * 	INSERT INTO TABLE (comment) VALUES ('here's it'); 
+   * will cause a problem. While,
+   * 	INSERT INTO TABLE (comment) VALUES ('here''s it');
+   * will be fine.
    */
   protected String escapeSpecialCharacterInData(String data)
   {
 	  String[] specialArray = {"'"};
-	  String escape = "\\\\";
+	  String escape = "'";
 	  if (data == null)
 	  {
 		  return data;
@@ -696,7 +700,9 @@ protected String escapeSpecialCharacterInData(String data)
 	  for (int i=0; i<size; i++)
 	  {
 		  String special = specialArray[i];
-		  data = data.replaceAll(special, escape+special);
+		  if (data.contains(special)) {
+			  data = data.replaceAll(special, escape+special);
+		  }
 	  }
 	  return data;
   }