mirrors/Nim
1
0
Fork 0
mirror of https://github.com/nim-lang/Nim.git synced 2025-12-30 18:02:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixes #20153; do not escape _ for mysql [backport] (#20164)

Browse Source 
* fixes #20153; do not escape `_` for mysql

* add a test

* Update db_mysql.nim

* Update tdb_mysql.nim

Co-authored-by: Clay Sweetser <Varriount@users.noreply.github.com>
(cherry picked from commit 3bd935f331)
This commit is contained in:
ringabout
2022-08-06 05:15:58 +08:00
committed by narimiran
parent 33a1e3acb9
commit d79f61e54d
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/impure/db_mysql.nim
View File

@@ -117,7 +117,7 @@ when false:
discard mysql_stmt_close(stmt)
proc dbQuote*(s: string): string =
## DB quotes the string.
## DB quotes the string. Note that this doesn't escape `%` and `_`.
result = newStringOfCap(s.len + 2)
result.add "'"
for c in items(s):
@@ -132,7 +132,6 @@ proc dbQuote*(s: string): string =
of '"': result.add "\\\""
of '\'': result.add "\\'"
of '\\': result.add "\\\\"
of '_': result.add "\\_"
else: result.add c
add(result, '\'')

4
tests/stdlib/tdb_mysql.nim Normal file
View File

@@ -0,0 +1,4 @@
import std/db_mysql
doAssert dbQuote("SELECT * FROM foo WHERE col1 = 'bar_baz'") == "'SELECT * FROM foo WHERE col1 = \\'bar_baz\\''"
doAssert dbQuote("SELECT * FROM foo WHERE col1 LIKE '%bar_baz%'") == "'SELECT * FROM foo WHERE col1 LIKE \\'%bar_baz%\\''"