Skip to content

Commit

Permalink
fixes #20153; do not escape _ for mysql [backport] (#20164)
Browse files Browse the repository at this point in the history 
* fixes #20153; do not escape `_` for mysql

* add a test

* Update db_mysql.nim

* Update tdb_mysql.nim

Co-authored-by: Clay Sweetser <Varriount@users.noreply.github.com>
  • Loading branch information
@ringabout @Varriount
ringabout and Varriount authored Aug 5, 2022
1 parent 3fef2fd commit 3bd935f
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
3 changes: 1 addition & 2 deletions lib/impure/db_mysql.nim
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ when false:
discard mysql_stmt_close(stmt)

proc dbQuote*(s: string): string =
## DB quotes the string.
## DB quotes the string. Note that this doesn't escape `%` and `_`.
result = newStringOfCap(s.len + 2)
result.add "'"
for c in items(s):
Expand All @@ -132,7 +132,6 @@ proc dbQuote*(s: string): string =
of '"': result.add "\\\""
of '\'': result.add "\\'"
of '\\': result.add "\\\\"
of '_': result.add "\\_"
else: result.add c
add(result, '\'')

Expand Down
4 changes: 4 additions & 0 deletions tests/stdlib/tdb_mysql.nim
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
import std/db_mysql

doAssert dbQuote("SELECT * FROM foo WHERE col1 = 'bar_baz'") == "'SELECT * FROM foo WHERE col1 = \\'bar_baz\\''"
doAssert dbQuote("SELECT * FROM foo WHERE col1 LIKE '%bar_baz%'") == "'SELECT * FROM foo WHERE col1 LIKE \\'%bar_baz%\\''"

0 comments on commit 3bd935f

Please sign in to comment.