Skip to content

Escape single quotes with 2 backslashes #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Escape single quotes with 2 backslashes #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8c57d73
Escape single quotes with 2 backslashes
courtneyholcomb Oct 6, 2022
c03a5e7
Fix comment
courtneyholcomb Oct 6, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/databricks/sql/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,9 +144,9 @@ def escape_string(self, item):
if isinstance(item, bytes):
item = item.decode("utf-8")
# This is good enough when backslashes are literal, newlines are just followed, and the way
# to escape a single quote is to put two single quotes.
# to escape a single quote is to precede it with 2 backslashes.
# (i.e. only special character is single quote)
return "'{}'".format(item.replace("'", "''"))
return "'{}'".format(item.replace("'", "\\'"))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i know that per @susodapop this will be fixed elsewhere, but want to point out that the backslash character itself also needs to be escaped

i think the correct replacement would be: item.replace('\\','\\\\' ).replace("'", "\\'")


def escape_sequence(self, item):
l = map(str, map(self.escape_item, item))
Expand Down
14 changes: 14 additions & 0 deletions tests/e2e/driver_tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,20 @@ def test_get_columns(self):
for table in table_names:
cursor.execute('DROP TABLE IF EXISTS {}'.format(table))

def test_escape_single_quotes(self):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is great, probably want the same type of test for a string with a backslash in it, as in

test_str = "Many Linux users are upset that Windows uses \\ to separate path elements"

with self.cursor({}) as cursor:
table_name = 'table_{uuid}'.format(uuid=str(uuid4()).replace('-', '_'))
# Test escape syntax directly
cursor.execute("CREATE TABLE IF NOT EXISTS {} AS (SELECT 'you\\'re' AS col_1)".format(table_name))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a note: this e2e test is really testing how DBSQL behaves rather than our connector. The connector escape behaviour is only called to escape parameters passed to the Connection.execute() method.

This is a good test for demonstrating how to work with DBSQL. But the dynamic is not unique to databricks-sql-connector as we observe the same with NodeJS, Go, and ODBC/JDBC.

cursor.execute("SELECT * FROM {} WHERE col_1 LIKE 'you\\'re'".format(table_name))
rows = cursor.fetchall()
assert rows[0]["col_1"] == "you're"

# Test escape syntax in parameter
cursor.execute("SELECT * FROM {} WHERE {}.col_1 LIKE %(var)s".format(table_name, table_name), parameters={"var": "you're"})
rows = cursor.fetchall()
assert rows[0]["col_1"] == "you're"

def test_get_schemas(self):
with self.cursor({}) as cursor:
database_name = 'db_{uuid}'.format(uuid=str(uuid4()).replace('-', '_'))
Expand Down