NCEAS / z-test-issues

Test issue imports from redmine

Single quote characters from data are not escaped when performing inserts #424

Open mbjones opened 7 years ago

mbjones commented 7 years ago

Author Name: Chad Burt (Chad Burt)
Original Redmine Issue: 2756, https://projects.ecoinformatics.org/ecoinfo/issues/2756
Original Date: 2007-02-01
Original Assignee: Jing Tao


Received this error: DatabaseLoader.run(): Error message: ERROR: syntax error at or near "only" regarding this line: INSERT into ... calm','"adrift; CTD dropped to 100' only; slight breeze"'

It seems that if a single quote is present within the data being entered it is not escaped. On this line "only" is seen as a postgres command since "100'" came before it.

mbjones commented 7 years ago

Original Redmine Comment
Author Name: ben leinfelder (ben leinfelder)
Original Date: 2010-01-11T21:58:24Z


We should be escaping the special characters in any value using backslash. Not sure this is currently going through the DatabaseAdaptor classes like the table and column names are...but that'd be the best approach so that different RDBMS can use their particular escape strategy.
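The failure reported in this issue, next to two ways of handling the value safely, as an added example that is not the project's own code. Python's built-in sqlite3 stands in for PostgreSQL and the Java loader, and the table, column and function names are assumptions.

```python
import sqlite3

# Constructed sample row modelled on the value quoted in the issue report.
ROW = ("calm", "\"adrift; CTD dropped to 100' only; slight breeze\"")


def make_table():
    """In-memory SQLite stands in for the PostgreSQL database from the report."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE obs (sea_state TEXT, notes TEXT)")  # hypothetical schema
    return conn


def insert_concatenated(conn, row):
    """The failing pattern: values pasted between quotes without escaping."""
    sql = "INSERT INTO obs VALUES ('" + "','".join(row) + "')"
    conn.execute(sql)


def insert_bound(conn, row):
    """Bound parameters: the driver carries the values apart from the SQL text."""
    conn.execute("INSERT INTO obs VALUES (?, ?)", row)


def quote_literal(value):
    """Per-dialect hook (hypothetical): standard SQL doubles an embedded quote."""
    return "'" + value.replace("'", "''") + "'"


def insert_escaped(conn, row):
    """Still builds SQL text, but every value passes through quote_literal."""
    sql = "INSERT INTO obs VALUES (" + ",".join(quote_literal(v) for v in row) + ")"
    conn.execute(sql)


def demo():
    """Return the error from the concatenated insert and the rows the fixes stored."""
    conn = make_table()
    error = None
    try:
        insert_concatenated(conn, ROW)
    except sqlite3.OperationalError as exc:
        error = str(exc)
    insert_bound(conn, ROW)
    insert_escaped(conn, ROW)
    return error, conn.execute("SELECT sea_state, notes FROM obs").fetchall()
```

Bound parameters avoid building literals at all; the `quote_literal` route only applies where statements must be assembled as text, and its escaping rule has to match the target database.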

mbjones commented 7 years ago

Original Redmine Comment
Author Name: Redmine Admin (Redmine Admin)
Original Date: 2013-03-27T21:21:13Z


Original Bugzilla ID was 2756