PG driver doesn't escape strings in insert() #50

Closed
ryanmeador opened this Issue Sep 24, 2012 · 1 comment

3 participants

@ryanmeador

Running a line like this produces a SQL error because the apostrophe in "isn't" isn't escaped in the string sent down to the DB, thus producting a syntax error.

  db.insert("reasons", ["id", "title", "description"], [1, "Resource Unavailable", "The requested URL isn't available due to server down or HTTP 4xx errors"], group());
@kunklejr kunklejr closed this in be393aa Sep 29, 2012
@chani3

still broken for me in mysql. it gets to the second quote and dies.

I think the problem is that you used the regular replace function, which only replaces once. you want to pass it a regex with /g on the end, like the second example here: http://www.w3schools.com/jsref/jsref_replace.asp

@bromanko bromanko pushed a commit to meetearnest/node-db-migrate that referenced this issue Dec 17, 2013
Brian Romanko Fix for multiple single quotes in a string. #50 7b3f246
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment