From 831fa22239922d0ac5a7e369d88bee6506567db8 Mon Sep 17 00:00:00 2001
From: ringabout <43030857+ringabout@users.noreply.github.com>
Date: Sat, 6 Aug 2022 05:15:58 +0800
Subject: [PATCH] fixes #20153; do not escape `_` for mysql [backport] (#20164)

* fixes #20153; do not escape `_` for mysql

* add a test

* Update db_mysql.nim

* Update tdb_mysql.nim

Co-authored-by: Clay Sweetser <Varriount@users.noreply.github.com>
---
 lib/impure/db_mysql.nim    | 3 +--
 tests/stdlib/tdb_mysql.nim | 4 ++++
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 tests/stdlib/tdb_mysql.nim

diff --git a/lib/impure/db_mysql.nim b/lib/impure/db_mysql.nim
index df878e25af4c5..562847e6b01e8 100644
--- a/lib/impure/db_mysql.nim
+++ b/lib/impure/db_mysql.nim
@@ -117,7 +117,7 @@ when false:
     discard mysql_stmt_close(stmt)
 
 proc dbQuote*(s: string): string =
-  ## DB quotes the string.
+  ## DB quotes the string. Note that this doesn't escape `%` and `_`.
   result = newStringOfCap(s.len + 2)
   result.add "'"
   for c in items(s):
@@ -132,7 +132,6 @@ proc dbQuote*(s: string): string =
     of '"': result.add "\\\""
     of '\'': result.add "\\'"
     of '\\': result.add "\\\\"
-    of '_': result.add "\\_"
     else: result.add c
   add(result, '\'')
 
diff --git a/tests/stdlib/tdb_mysql.nim b/tests/stdlib/tdb_mysql.nim
new file mode 100644
index 0000000000000..21a7afd4f0dfd
--- /dev/null
+++ b/tests/stdlib/tdb_mysql.nim
@@ -0,0 +1,4 @@
+import std/db_mysql
+
+doAssert dbQuote("SELECT * FROM foo WHERE col1 = 'bar_baz'") == "'SELECT * FROM foo WHERE col1 = \\'bar_baz\\''"
+doAssert dbQuote("SELECT * FROM foo WHERE col1 LIKE '%bar_baz%'") == "'SELECT * FROM foo WHERE col1 LIKE \\'%bar_baz%\\''"