radumas / crowdmap-basic

Basic example of using Leaflet.draw to crowdsource geographies to a CartoDB database
https://radumas.info/crowdmap-basic
MIT License
17 stars, 111 forks

Data isn't saved if user input contains quotes #13

Open radumas opened 5 years ago

radumas commented 5 years ago

Discovered this with some feedback from a fork of this. From https://github.com/mentalhealthawhereness/map/issues/1

I tried inserting a note that read `I'm here...` and the console revealed an error message:

```
POST https://anditabinas.carto.com/api/v2/sql 400 (Bad Request)
(index):206 Problem saving the data
```

The SQL that is being generated here is something like `SELECT insert_data('I'm here');`. The issue is that the SQL string passed to the Carto SQL API is being generated by simple string manipulation: https://github.com/mentalhealthawhereness/map/blob/master/index.html#L199-210

A simple fix would be to replace any single quote with the PostgreSQL-friendly doubled single quote, `SELECT insert_data('I''m here');` (see example below), but I wonder if there's a... better way of solving more cases of user input that could break this. So I asked on StackOverflow.

```javascript
// Double every single quote so the value becomes a valid PostgreSQL
// string literal. The global regex matters: in JavaScript, replace()
// with a plain string pattern rewrites only the first match.
var sanitized_input = user_input.replace(/'/g, "''");
```

radumas commented 5 years ago

Single quotes work, saves successfully. (screenshot attached)

Not super certain what to do about double quotes (did not save)

(screenshot attached, 2019-10-07 22:04:20)

radumas commented 5 years ago

JSON.stringify() fixes double-quotes. Dunno how to handle double single-quotes though
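The following is an added example, not code from crowdmap-basic or the fork. It puts the concatenation pattern from the first comment next to a quoting helper that doubles every single quote (the fix tried above, but with a global regex, since in JavaScript `replace()` with a string pattern only rewrites the first match, which is one way to end up with a stray quote on input that contains two), a small decoder that checks the generated literal round-trips, and what `JSON.stringify()` actually emits, which bears on the last comment. `insert_data` and the `/api/v2/sql` endpoint come from the issue; the helper names and sample notes are assumptions made here.

```javascript
// Added example, not code from crowdmap-basic or the fork: quoting user
// input for the CARTO SQL API. The API accepts one raw SQL string (the q
// parameter posted to .../api/v2/sql in the issue), so nothing on the
// server binds parameters; the browser code has to emit a valid
// PostgreSQL string literal itself. insert_data is the function named in
// the issue; the helper names below are assumptions for illustration.

// The pattern the issue describes: plain concatenation. A single quote in
// the note closes the literal early, which is why "I'm here" drew a 400,
// and it also lets a hostile note append SQL of its own.
function buildInsertUnsafe(note) {
  return "SELECT insert_data('" + note + "')";
}

// Correct PostgreSQL literal: double every single quote, then wrap in
// single quotes. With standard_conforming_strings on (the default since
// PostgreSQL 9.1) a backslash is an ordinary character inside a plain
// literal, so doubling quotes is the only escaping needed. The /g flag
// matters: in JavaScript, replace() with a string pattern rewrites only
// the first match, so "it's 'here'" would still break without it.
function pgQuoteLiteral(value) {
  if (value === null || value === undefined) return "NULL";
  return "'" + String(value).replace(/'/g, "''") + "'";
}

function buildInsert(note) {
  return "SELECT insert_data(" + pgQuoteLiteral(note) + ")";
}

// JSON.stringify wraps the value in double quotes and backslash-escapes
// embedded double quotes, but it never touches single quotes, and
// PostgreSQL reads a double-quoted token as an identifier (a column
// name), not as a string literal.
function buildInsertWithJson(note) {
  return "SELECT insert_data(" + JSON.stringify(note) + ")";
}

// Reverse of pgQuoteLiteral, used here only to check that a literal
// round-trips. A quote left over after removing every '' pair means the
// literal was terminated early, i.e. the concatenation was broken.
function pgParseLiteral(literal) {
  if (literal === "NULL") return null;
  if (literal.length < 2 || literal[0] !== "'" || literal[literal.length - 1] !== "'") {
    throw new Error("not a single-quoted literal: " + literal);
  }
  const body = literal.slice(1, -1);
  if (body.replace(/''/g, "").includes("'")) {
    throw new Error("unbalanced quote inside literal: " + literal);
  }
  return body.replace(/''/g, "'");
}

// Pull the argument back out of a generated statement and decode it.
function decodeInsertArgument(sql) {
  const m = /^SELECT insert_data\(([\s\S]*)\)$/.exec(sql);
  if (!m) throw new Error("unexpected statement shape: " + sql);
  return pgParseLiteral(m[1]);
}

// Body for the POST to the SQL API endpoint
// (application/x-www-form-urlencoded, q=<sql>).
function sqlApiBody(sql) {
  return new URLSearchParams({ q: sql }).toString();
}

// Constructed sample notes (not taken from the issue), including a
// hostile one that would run its own statement under concatenation.
const SAMPLE_NOTES = [
  "I'm here...",
  "it's 'here' (two quotes)",
  'He said "hi"',
  "two in a row: ''",
  "'); DELETE FROM notes; --",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const note of SAMPLE_NOTES) {
    console.log("unsafe:", buildInsertUnsafe(note));
    console.log("quoted:", buildInsert(note));
    console.log("round-trips:", decodeInsertArgument(buildInsert(note)) === note);
  }
}
```

The round-trip decoder is only a check on the literal's shape; it is not a SQL parser and will not flag the hostile note under concatenation, which is the point: once user text is spliced into the statement as code, nothing downstream can tell it apart from the author's SQL.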