In a web2py shell for your application, try:

    " '{0}' ".format("foo' ")

You will get:

    " 'foo' ' "

You can see how this leaves an unclosed ' in the string, which can then
give you that error. The way to fix this is to quote the string
using your DB's dialect:

    " '{0}' ".format(db._adapter.dialect.quote("foo' "))

Which gets you something like:

    ' \'"foo\' "\' '

See the difference?
This is the problem with using executesql: what you had here was an SQL
injection vulnerability, which is fixed by using quote.
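The unclosed-quote failure described above, next to the same lookup done with a bound parameter, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 driver as a stand-in for the database behind executesql; the `person` table and the function names are hypothetical.

```python
import sqlite3

# Constructed sample value: the string used in the post above.
TRICKY = "foo' "


def make_db():
    """Build an in-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (id INTEGER PRIMARY KEY, name TEXT)")
    # Bound parameters: the value travels separately from the SQL text.
    conn.execute("INSERT INTO person (name) VALUES (?)", (TRICKY,))
    conn.execute("INSERT INTO person (name) VALUES (?)", ("bar",))
    return conn


def lookup_formatted(conn, name):
    """String-built query, as in the post's first snippet."""
    sql = "SELECT id FROM person WHERE name = '{0}'".format(name)
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # The stray ' leaves an unterminated string literal in the statement.
        return "error: {0}".format(exc)


def lookup_bound(conn, name):
    """Same lookup with a placeholder; the value is never parsed as SQL."""
    sql = "SELECT id FROM person WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    conn = make_db()
    print(lookup_formatted(conn, "bar"))   # plain value: works
    print(lookup_formatted(conn, TRICKY))  # value with a quote: SQL error
    print(lookup_bound(conn, TRICKY))      # bound value: matches the row
    # In web2py the equivalent call shape is
    #   db.executesql(sql, placeholders=(name,))
    # where the placeholder marker (? or %s) depends on the DB driver.
```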