[SVN] SQL bundle : query should be escaped before execution

Benoit Gagnon b.gagnon at gmail.com
Fri Oct 28 18:26:19 UTC 2005


hmmm I had issues trying to do this from the command line, i.e.
mysql -uroot -proot -ddatabase -e "SELECT * FROM `member`". Escaping the `s
fixed the error. Now that I think about it, it's probably a stupid
error with the shell trying to execute everything inside a pair of `.

I assumed TextMate would fail as well since that's how the command is
defined in the Bundle. It does seem to work after all, as you
mentioned.

I will commit minor enhancements I made to the SQL bundle shortly,  
notably on the mysql transaction keywords.


On 28-Oct-05, at 2:09 PM, Allan Odgaard wrote:

> On 28/10/2005, at 19.13, Benoit Gagnon wrote:
>
>
>> MySQL queries should be escaped before being sent to 'mysql'.
>>
>> I found out the ` character (common in MySQL scripts to identify
>> table and column names) has to be escaped (\`) or it fails.
>>
>
> I can do: select * from `some_table` + ctrl-shift Q and it queries  
> w/o an error.
>
> Is this when you want to use ` in a string? cause wouldn't that be  
> the job of the user to escape? i.e. as you would do if you'd typed  
> the query on the mysql prompt or similar.
>
> If we always escape it, the above would be sent to mysql as:
>    select * from \`some_table\`
> and that, I would think, would be more of an error.
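The quoting behaviour discussed in this thread, as an added example that is not part of the original messages: it shows which ways of handing a backtick-quoted query to a command let the shell run the backtick contents first. `received_query` (a stand-in for `mysql -e`) and the `member` function are hypothetical helpers, so no MySQL server is needed.

```shell
#!/bin/sh
# Added example. received_query is a hypothetical stand-in for `mysql -e`:
# it returns the query text exactly as the shell delivered it.
received_query() { printf '%s' "$1"; }

# Stand-in command named like the table, so the substitution result is
# deterministic. On a real system `member` is usually not a command: the
# shell prints "command not found" and substitutes an empty string.
member() { printf 'OUTPUT_OF_COMMAND'; }

# 1. Double quotes: the shell runs `member` before mysql ever sees the query.
double_quoted() { received_query "SELECT * FROM `member`"; }

# 2. Backslash-escaped inside double quotes: the backticks arrive literally.
escaped() { received_query "SELECT * FROM \`member\`"; }

# 3. Single quotes: no substitution at all.
single_quoted() { received_query 'SELECT * FROM `member`'; }

# 4. Query already held in a variable (constructed here): expansion results
#    are not rescanned for backticks, so no escaping is needed or wanted.
from_variable() {
  query='SELECT * FROM `member`'
  received_query "$query"
}

# 5. Quoted here-document on stdin: the body is taken verbatim.
from_stdin() {
  cat <<'SQL'
SELECT * FROM `member`
SQL
}

for f in double_quoted escaped single_quoted from_variable from_stdin; do
  printf '%-14s -> %s\n' "$f" "$($f)"
done
```

Only the first form changes the query; escaping text that is already in a variable or on stdin would instead send literal backslashes to the server.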



