[Sqlalchemy-tickets] Issue #3809: Unescaped single quote in server_default (for MySQL at least) (zz
From: alex-businessoptics <iss...@bi...> - 2016-09-30 12:08:59
New issue 3809: Unescaped single quote in server_default (for MySQL at least)
https://bitbucket.org/zzzeek/sqlalchemy/issues/3809/unescaped-single-quote-in-server_default

alex-businessoptics:

The following code:

```python
from sqlalchemy import create_engine, Table, Column, String, MetaData
from sqlalchemy.sql.ddl import CreateTable

engine = create_engine('mysql://businessoptics:bus...@my...v/data')
print(CreateTable(Table('mytable', MetaData(),
                        Column('mycolumn', String(length=100), server_default="a'b"))
                  ).compile(engine))
```

produces this invalid output:

```sql
CREATE TABLE mytable (
    mycolumn VARCHAR(100) DEFAULT 'a'b'
)
```

In this case it's a SQL syntax error, but it could also lead to SQL injection.
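As an added illustration (not code from the issue or from SQLAlchemy itself), the block below shows the escaping a DDL compiler has to apply when it turns a Python string into a `DEFAULT` literal, next to the unescaped rendering the report describes, and a small check that flags the malformed-literal symptom in emitted DDL. `quote_sql_string`, `render_default`, `render_default_naive` and `default_literal_is_well_formed` are names invented here; the `backslash_escapes` flag reflects MySQL's default string-literal handling, in which a backslash is also an escape character unless `NO_BACKSLASH_ESCAPES` is set.

```python
"""Added example (not part of issue 3809 or of SQLAlchemy): safe rendering of
a DDL DEFAULT string literal, plus a check for the unescaped-quote symptom."""
import re


def quote_sql_string(value: str, backslash_escapes: bool = True) -> str:
    """Return value as a SQL string literal, with embedded quotes escaped.

    Standard SQL writes a single quote inside a literal as two quotes.  MySQL
    (in its default mode) also treats backslash as an escape character, so it
    has to be doubled as well or the literal changes meaning.
    """
    escaped = value.replace("'", "''")
    if backslash_escapes:
        escaped = escaped.replace("\\", "\\\\")
    return "'" + escaped + "'"


def render_default(column_name: str, sql_type: str, default: str) -> str:
    """Column definition fragment with a correctly escaped DEFAULT literal."""
    return f"{column_name} {sql_type} DEFAULT {quote_sql_string(default)}"


def render_default_naive(column_name: str, sql_type: str, default: str) -> str:
    """The behaviour reported in the issue: quotes wrapped around the value
    with no escaping.  Kept only to give the checker a bad input."""
    return f"{column_name} {sql_type} DEFAULT '{default}'"


_DEFAULT_LITERAL_START = re.compile(r"DEFAULT\s+'")


def default_literal_is_well_formed(ddl: str, backslash_escapes: bool = True) -> bool:
    """Return True if every DEFAULT '...' literal in ddl closes cleanly and is
    followed by a column-definition terminator (comma, closing paren or end).

    'DEFAULT 'a'b'' fails: the literal closes after 'a' and is followed by b',
    which is exactly the text a database would reject (or misinterpret).
    """
    pos = 0
    while True:
        m = _DEFAULT_LITERAL_START.search(ddl, pos)
        if not m:
            return True
        i = m.end()
        while i < len(ddl):
            ch = ddl[i]
            if backslash_escapes and ch == "\\" and i + 1 < len(ddl):
                i += 2              # backslash escape: skip the escaped char
                continue
            if ch == "'":
                if i + 1 < len(ddl) and ddl[i + 1] == "'":
                    i += 2          # doubled quote: still inside the literal
                    continue
                break               # closing quote
            i += 1
        else:
            return False            # literal never closed
        tail = ddl[i + 1:]
        if not re.match(r"\s*(,|\)|$)", tail):
            return False            # stray text after the literal
        pos = i + 1


if __name__ == "__main__":
    # Constructed sample: the value from the report, rendered both ways.
    bad = render_default_naive("mycolumn", "VARCHAR(100)", "a'b")
    good = render_default("mycolumn", "VARCHAR(100)", "a'b")
    print(bad, default_literal_is_well_formed(bad))
    print(good, default_literal_is_well_formed(good))
```

The check is a cheap regression guard for generated DDL: run it over the output of `CreateTable(...).compile(engine)` in a test suite and any default whose quoting is wrong fails before it reaches a database.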