pdb icon indicating copy to clipboard operation
pdb copied to clipboard

Published 20 hours ago verified publisher icon feedzai

[MySQL] Pdb incorrectly escapes queries with backslash

Open tnovo opened this issue 6 years ago • 4 comments

When performing a query to the database (using mysql backend):

Query q = select(all())
                .from(table("table"))
                .where(eq("id", k("my\id"));

engine.query(q);

pdb incorrectly escapes the query to

SELECT * FROM `table` WHERE `id` = 'my\id' ;

where it should be (notice the double \ )

SELECT * FROM `table` WHERE `id` = 'my\\id' ;

this is independent of the data in the table itself.

This behaviour does not appear in prepared statements because the escaping is delegated to the driver

tnovo avatar Dec 28 '18 16:12 tnovo

Just to add some context: this is not a problem with PostgreSQL

jmf-tls avatar Jul 03 '19 17:07 jmf-tls

I would say that is working as intended. \ in java in an escape character and it will interpret the next character in a different way ("\i" is not event valid syntax). If you want to have a literal \ in your statement you need to escape the \ on your string. Ex: "my\\id"

maiph avatar Jul 06 '19 19:07 maiph

It should work in the same way for other database engines, meaning that the same query should work regardless of the engine.

tnovo avatar Jul 06 '19 20:07 tnovo

"my\id" won't work anywhere because it won't even compile

maiph avatar Jul 06 '19 20:07 maiph