Berlin Berlin - 2 months ago 12
MySQL Question

SQL query with Ruby and backslash

I have this query

db.query("
UPDATE tm
SET DESCRIPTION = 'SQL Injection (CALL \'C_DB_FUNCTION\')'
WHERE DESCRIPTION = 'SQL Injection (CALL \'C DB FUNCTION\')';
")


This query is working on the DB, but when I tried to run it via Ruby with the mysql2 gem, I got the below error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'C_DB_FUNCTION')' (Mysql2::Error)


I guess it's because of the backslash.

How can I escape it or fix it?

Thanks!

Answer

Please see Special Character Escape Sequences: http://dev.mysql.com/doc/refman/5.7/en/string-literals.html#character-escape-sequences

db.query(" UPDATE tm SET DESCRIPTION = 'SQL Injection (CALL \\'C_DB_FUNCTION\\')' WHERE DESCRIPTION = 'SQL Injection (CALL \\'C DB FUNCTION\\')'; ")
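
Why the doubled backslashes in the answer work, as an added example that is not part of the original answer: it shows the SQL text Ruby actually hands to the driver and how MySQL splits that text into string literals. `mysql_literals` is a hypothetical helper (a simplified scanner, not mysql2 or MySQL code), and only the SET clause of the query is used.

```ruby
# Added example. mysql_literals is a hypothetical helper: a simplified scanner for
# single-quoted MySQL literals (backslash escapes on, as in the default sql_mode).
# Returns [decoded literals, SQL text left outside any literal].
def mysql_literals(sql)
  literals = []
  outside = +""
  i = 0
  while i < sql.length
    if sql[i] != "'"
      outside << sql[i]
      i += 1
      next
    end
    value = +""
    i += 1                                      # skip the opening quote
    loop do
      raise ArgumentError, "unterminated literal" if i >= sql.length
      if sql[i] == "\\"                         # \x: take x literally (simplified)
        raise ArgumentError, "unterminated literal" if i + 1 >= sql.length
        value << sql[i + 1]
        i += 2
      elsif sql[i] == "'" && sql[i + 1] == "'"  # '' is one quote character
        value << "'"
        i += 2
      elsif sql[i] == "'"                       # closing quote
        i += 1
        break
      else
        value << sql[i]
        i += 1
      end
    end
    literals << value
  end
  [literals, outside]
end

# Ruby double-quoted string: \' is just ', so the backslash never reaches MySQL.
AS_ASKED = "SET DESCRIPTION = 'SQL Injection (CALL \'C_DB_FUNCTION\')'"
# \\ survives as one backslash, so MySQL sees \' inside the literal.
AS_ANSWERED = "SET DESCRIPTION = 'SQL Injection (CALL \\'C_DB_FUNCTION\\')'"
# A single-quoted heredoc does no escape processing, so one backslash is enough.
RAW_HEREDOC = <<~'SQL'.strip
  SET DESCRIPTION = 'SQL Injection (CALL \'C_DB_FUNCTION\')'
SQL

p mysql_literals(AS_ASKED)     # literal ends early, C_DB_FUNCTION is left outside
p mysql_literals(AS_ANSWERED)  # one literal containing the quotes
```

With mysql2, binding the two descriptions as parameters of a prepared statement (`db.prepare` with `?` placeholders, then `execute`) removes the hand-written quoting altogether.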