[SVN] SQL bundle : query should be escaped before execution

Allan Odgaard throw-away-1 at macromates.com
Fri Oct 28 18:09:53 UTC 2005


On 28/10/2005, at 19.13, Benoit Gagnon wrote:

> Mysql queries should be escaped before being sent to 'mysql'.
>
> I found out the ` character (common in mySQL scripts to identify  
> table and column names) has to be escaped (\`) or it fails.

I can do: select * from `some_table` + ctrl-shift Q and it queries
w/o an error.

Is this when you want to use ` in a string? cause wouldn't that be  
the job of the user to escape? i.e. as you would do if you'd typed  
the query on the mysql prompt or similar.

If we always escape it, the above would be sent to mysql as:
    select * from \`some_table\`
and that, I would think, would be more of an error.



