search

thevahidal / soul

🕉 A SQLite REST and realtime server
https://thevahidal.github.io/soul/
MIT License
1.51k stars 51 forks source link

Soul error on single quote #146

Closed IanMayo closed 6 months ago

IanMayo commented 8 months ago

This issue is related to the use of the single-quote character '.

We can insert a new record containing a single quote, for instance a last-name of O'Brien. Soul accepts this.

But, it we try to push an edit to the that field, or use the single-quote in a _search parameter, Soul returns an error.

Here is the GET URL: http://localhost:8000/api/tables/invoices/rows?_search=O%27Brien

This is the Soul response: image

Does this character need to escaped before it is processed?

thevahidal commented 8 months ago

Hey @IanMayo, Yes, you should escape it using two single quotations, so instead of O'Brien you should use O''Brien.

From SQLite documentation:

(14) How do I use a string literal that contains an embedded single-quote (') character?

The SQL standard specifies that single-quotes in strings are escaped by putting two single quotes in a row. SQL works like the Pascal programming language in this regard. Example:

INSERT INTO xyz VALUES('5 O''clock');

thevahidal commented 8 months ago

Though we can do this inside Soul itself.

IanMayo commented 8 months ago

Great, thanks. Hmm, I guess we have a choice on whether to hide or expose this SQL pattern.

I think it would be good if Soul could invisibly handle it, so it's one less thing for the Soul user to think/worry about.

thevahidal commented 8 months ago

Sure, I'll work on it.