[Patch] String escaping
Reported by Ben Burkert | March 24th, 2008 @ 10:03 PM
This patch adds string escaping for string data. The regular expression and escaping method was borrowed from active_record, but modified to use two single quote characters for escaping single quotes.
The postgres Command class was modified to use the escape_string method as well.
Comments and changes to this ticket
-
Ben Burkert March 25th, 2008 @ 03:50 PM
Added E'' escaping for postgres. This let's postgres know that the following string has backslash escaped characters in it.
-
Dan Kubb (dkubb) April 15th, 2008 @ 03:07 AM
- Milestone cleared.
-
Sam Smoot April 28th, 2008 @ 12:39 PM
- State changed from “new” to “invalid”
This is a dupe of another ticket Scott's working on now.
http://wm.lighthouseapp.com/proj...
Trying to handle the quoting in the drivers themselves. Will fall back to a similar patch to quoting.rb. Just FYI.
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
People watching this ticket
Dan Kubb (dkubb)
Attachments
Tags
Referenced by
-
122
Security: Escape sequences in query values
FYI: http://wm.lighthouseapp.com/proj...