Closed timwis closed 5 years ago
andrewbt
commented
5 years ago Hey @timwis ! It’s actually a way simpler fix than any of that. CARTO needs the full query string to be URL encoded. So I just took your first example and used my favorite quick page for that and this works fine as a request with no error:
https://phl.carto.com/api/v2/sql?q=SELECT%20count(*)%20from%20latest_employee_salaries%20where%20department%20%3D%20%27OFFICE%20OF%20INNOVATION%20%26%20TECHNOLOGY%27
timwis
commented
5 years ago wow I really thought we were already doing that! thanks
andrewbt
commented
5 years ago @timwis I just tried the second example with the apostrophe though, that one did fail even when encoded:
http://phl.carto.com/api/v2/sql?q=SELECT%20count(*)%20from%20latest_employee_salaries%20where%20department%20%3D%20%27MAYOR%27S%20OFFICE%27
But dollar quoting works on that one and I imagine would for most cases. Maybe just switch to that as a default when dealing with string columns?
So SELECT count(*) from latest_employee_salaries where department = $$MAYOR'S OFFICE$$ becomes SELECT%20count(*)%20from%20latest_employee_salaries%20where%20department%20%3D%20%24%24MAYOR%27S%20OFFICE%24%24 and works:
timwis
commented
5 years ago interesting idea, thanks!
throws the error:
This appears to be because of the ampersand not being escaped. I swear this worked fine before... I think this issue only started happening in the last few months, perhaps since Carto upgraded their version of Postgres?
There's also an issue with apostrophes, though this one makes more sense and may have been happening earlier without us noticing.
throws the error:
@andrewbt any suggestions on the proper way to escape these string literals? I imagine we'll need to replace
'with''for the second issue; perhaps useE''for the ampersands?