Using Postgres 8.3, SQLObject-0-8.1, and psycopg2 126.96.36.199, the following code breaks:
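from sqlobject import *
# Connect to the PostgreSQL server
sqlhub.processConnection = connectionForURI('<some postgres DSN>')
class Foo(SQLObject):
    entry = StringCol()
# The apostrophe in the value is what triggers the error
f = Foo(entry="Here's an entry")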
With this error:
psycopg2.ProgrammingError: syntax error at or near "s"
LINE 1: INSERT INTO bar (id, entry) VALUES (1, 'Here\'s an entry')
Our Postgres server does not allow using a backslash to escape single quotes (this could potentially allow a SQL injection attack: http://www.postgresql.org/docs/8.2/static/runtime-config-compatible.html); it only allows using another single quote (I'm not sure if we configured it to not allow escaping single quotes with backslashes, or if Postgres defaults to this behavior after a certain version).
This escaping is being done in the StringLikeConverter method at line 104 in converters.py.
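The parse failure in the report can be reproduced without a database. The following is an added example, not code from SQLObject or PostgreSQL: it assumes a server that treats a backslash inside a '...' literal as an ordinary character (which matches the error shown), and the function names and the simplified lexer are hypothetical.

```python
def quote_doubling(value):
    """Quote a string by doubling single quotes (the SQL-standard form)."""
    if "\x00" in value:
        raise ValueError("NUL cannot appear in a PostgreSQL string")
    return "'" + value.replace("'", "''") + "'"


def quote_backslash(value):
    """Quote a string the way the failing INSERT in the report was quoted."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def read_literal(sql, backslash_escapes):
    """Lex one string literal at the start of sql; return (value, rest).

    Simplified: in backslash mode the character after a backslash is taken
    literally, which is enough to model \\' and \\\\ (not \\n, \\t, ...).
    """
    if not sql.startswith("'"):
        raise ValueError("expected opening quote")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and backslash_escapes and i + 1 < len(sql):
            out.append(sql[i + 1])
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":   # doubled quote stays in the string
                out.append("'")
                i += 2
            else:                         # closing quote ends the literal
                return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def round_trips(quoter, value, backslash_escapes):
    """True if the server-side lexer recovers exactly the original value."""
    try:
        return read_literal(quoter(value), backslash_escapes) == (value, "")
    except ValueError:
        return False


if __name__ == "__main__":
    sample = "Here's an entry"            # constructed from the report
    for quoter in (quote_backslash, quote_doubling):
        for mode in (False, True):
            print(quoter.__name__, mode, round_trips(quoter, sample, mode))
```

With backslash escapes off, the backslash-quoted literal ends right after `Here\`, leaving `s an entry'` as stray SQL, which is the "syntax error at or near "s"" in the report.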