koopjs / winnow

Deprecated
Apache License 2.0

Handle escaped single quotes in where parameter #179

Closed rgwozdz closed 3 years ago

rgwozdz commented 3 years ago

ArcGIS clients escape single quotes in where clauses with sql-style ''. But this double single quote breaks filtering because the SQL parser doesn't handle ''. To fix this until we can get a PR into flora-sql-parser, this PR implements:

  1. Replace any '' found in the where with a \' which is the escape used by flora-sql-parser. Example: where=food='bar''s' becomes where=food='bar\'s'

After parsing the where with flora-sql-parser, the value of this node of the AST is bar's. Note that parsing removes the escape from the single quote!

This result is problematic for winnow because we wrap values in single quotes to prepare them for the alasql query statement. So the query statement ends up looking like SELECT * FROM WHERE food = 'bar's'. This breaks the alasql query because the single quote is no longer escaped!

  2. So the solution is to add back the SQL-style single quote escaping before passing on the value to alasql. Any single quotes are replaced with ''. Doing so generates a valid SQL like SELECT * FROM WHERE food = 'bar''s'
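
The two steps described in this PR, as an added example that is not the PR's or winnow's own code. Function names are hypothetical, flora-sql-parser and alasql are not called, and the scanner goes beyond a global replace by leaving an empty literal ('') untouched and rejecting an unbalanced quote.

```javascript
// Added example; function names are hypothetical, not winnow's API.

// Step 1: inside string literals, rewrite the SQL-style '' escape as \'
// (the escape the PR says flora-sql-parser accepts). Scanning quote by quote
// keeps an empty literal ('') intact, which a global replace would not.
function toBackslashEscapes(where) {
  let out = '';
  let inLiteral = false;
  for (let i = 0; i < where.length; i++) {
    const ch = where[i];
    if (ch !== "'") {
      out += ch;
    } else if (!inLiteral) {
      inLiteral = true; // opening quote
      out += ch;
    } else if (where[i + 1] === "'") {
      out += "\\'"; // '' inside a literal is one escaped quote
      i++;
    } else {
      inLiteral = false; // closing quote
      out += ch;
    }
  }
  if (inLiteral) throw new Error('unbalanced single quote in where clause');
  return out;
}

// Step 2: the parsed value carries a bare quote (bar's). Double every quote
// again before wrapping the value in single quotes for the query statement.
function toSqlLiteral(value) {
  return "'" + String(value).replace(/'/g, "''") + "'";
}

// Constructed sample input, matching the PR's example.
const incoming = "food='bar''s'";
console.log(toBackslashEscapes(incoming)); // food='bar\'s'
console.log('food = ' + toSqlLiteral("bar's")); // food = 'bar''s'
```

The same scanner throws on `food='bar's'`, the unescaped form the PR describes as breaking the alasql query.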