Data isn't saved if user input contains quotes #1

Open
radumas opened this issue Sep 8, 2019 · 1 comment
radumas commented Sep 8, 2019

I tried inserting a note that read I'm here... and the console revealed an error message

POST https://anditabinas.carto.com/api/v2/sql 400 (Bad Request)
(index):206 Problem saving the data

The SQL that is being generated here is something like `SELECT insert_data('I'm here');`. The issue is where the SQL string to be passed to the Carto SQL API is being generated by simple string manipulation: https://github.com/mentalhealthawhereness/map/blob/master/index.html#L199-210

A simple fix would be to replace any single quote with the PostgreSQL-friendly doubled single quote, `SELECT insert_data('I''m here');` (see example below), but I wonder if there's a... better way of solving more cases of user input that could break this. So I asked on StackOverflow.

sanitized_input = user_input.replace("'", "''")
radumas commented Oct 8, 2019

Update, I've found a solution for single-quote, double-quote, but not multiple single-quotes

✔️
It's a "test"

It''s a ''test''
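As an added example (not code from the mentalhealthawhereness/map repository or from radumas), the following shows how the statement discussed in both comments above can be assembled in the page's JavaScript so that any number of single quotes, double quotes and backslashes in a note survive. `quoteLiteral` follows the rules of PostgreSQL's `quote_literal()`: double every single quote, and when a backslash is present emit an `E'...'` literal with the backslashes doubled too, so the result is correct whichever way the server's `standard_conforming_strings` is set. `insert_data` is the function named in the issue; that the Carto SQL API request carries the statement in a `q` form field is an assumption of this example. The `naiveEscape` function reproduces the behaviour reported in the second comment: in JavaScript, `String.prototype.replace` with a string pattern replaces only the first occurrence, which is why a fix can appear to work for one quote and fail for several.

```javascript
// Added example, not code from the mentalhealthawhereness/map project.
// Builds the Carto SQL API statement with a PostgreSQL-style quote_literal
// instead of pasting raw user input into the SQL text.

// Mirrors PostgreSQL's quote_literal(): every single quote is doubled; if the
// value contains a backslash, the literal is emitted in E'...' form with the
// backslashes doubled as well, so it parses the same regardless of the
// server's standard_conforming_strings setting.
function quoteLiteral(value) {
  if (typeof value !== "string") {
    throw new TypeError("quoteLiteral expects a string");
  }
  // PostgreSQL text values cannot contain NUL bytes; refuse up front rather
  // than let the server reject the statement later.
  if (value.includes("\u0000")) {
    throw new RangeError("NUL byte cannot be stored in a PostgreSQL text value");
  }
  const hasBackslash = value.includes("\\");
  // Regex with the g flag: every quote is doubled, not just the first one.
  let body = value.replace(/'/g, "''");
  if (hasBackslash) {
    body = body.replace(/\\/g, "\\\\");
  }
  return (hasBackslash ? "E'" : "'") + body + "'";
}

// insert_data is the function named in the issue; its server-side definition
// is not on the page, so only the call shape is assumed here.
function buildInsertNoteSql(note) {
  return "SELECT insert_data(" + quoteLiteral(note) + ");";
}

// Assumption: the SQL API reads the statement from a form field named q.
// URLSearchParams takes care of percent-encoding the statement text.
function buildRequestBody(sql) {
  return new URLSearchParams({ q: sql }).toString();
}

// Reproduces the bug in the second comment: a string pattern makes replace()
// touch only the first occurrence, so "a'b'c" becomes "a''b'c".
function naiveEscape(note) {
  return note.replace("'", "''");
}

// Constructed sample notes, including the inputs from the issue, a note with
// several quotes, one with a backslash, and an injection attempt.
const SAMPLE_NOTES = [
  "I'm here...",
  "It's a \"test\"",
  "a'b'c'd",
  "C:\\temp\\notes",
  "'); DROP TABLE notes; --",
];

for (const note of SAMPLE_NOTES) {
  console.log(buildInsertNoteSql(note));
}
```

Escaping only keeps the literal well-formed. Whatever credential lets the page write through the SQL API is also available to anyone who loads it, so what `insert_data` itself is permitted to do on the server remains the real boundary; the client-side quoting just stops legitimate notes from being rejected or from being parsed as SQL.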
