kysely: Alarming error output sql

Apologies, I am probably doing something horribly wrong. Inserts are failing with

  code: 'ER_PARSE_ERROR',
  errno: 1064,
  sqlState: '42000',
  sqlMessage: "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1",

Confused, I pasted the code into an SQL editor, and found that syntax highlighting was also broken. It breaks

'<p>Omie,</p><p>We aren\\'t in contact
                        ^^
                        here

And the problem becomes obvious! Single quotes are being escaped like \\', when really they ought to be like ''.

I’m unclear where this escaping code is even coming from. I did a search for escape and found nothing. Interestingly, Connection.escape(value: any): string is also escaping in a faulty way:

'<p>Omie,</p><p>We aren\'t in contact

So it’s pretty unclear to me if this issue is coming from kysely or mysql2. I was hoping you could provide some insight.

Some other things

  1. Regardless of the source of the problem, it’s very concerning. Will a deliberate, more sophisticated attack be handled?
  2. I can’t escape manually; I tried, and it just results in exponential \\\\\\\\\
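An added example (not code from this issue, from kysely or from mysql2): a minimal scanner for single-quoted MySQL/MariaDB string literals that checks whether quotes still balance under the server's two escaping conventions, run over the three spellings of the literal quoted above. The `posts` table and the statements are constructed for the example.

```javascript
// Added example (not code from the kysely issue or its maintainers): a minimal
// scanner for single-quoted MySQL/MariaDB string literals that reports whether
// a statement's quotes balance under the server's two escaping conventions.
//   backslashEscapes = true  -> default sql_mode: \' and \\ are escape sequences
//   backslashEscapes = false -> sql_mode NO_BACKSLASH_ESCAPES: only '' escapes a quote
// Only the quote-related escapes are decoded; other \x sequences are kept as-is.
function scanLiterals(sqlText, backslashEscapes) {
  const literals = [];
  let i = 0;
  while (i < sqlText.length) {
    if (sqlText[i] !== "'") { i++; continue; }
    let value = '';
    let closed = false;
    i++; // consume the opening quote
    while (i < sqlText.length) {
      const ch = sqlText[i];
      const next = sqlText[i + 1];
      if (backslashEscapes && ch === '\\' && (next === "'" || next === '\\')) {
        value += next; i += 2; continue;        // \' -> '   and   \\ -> \
      }
      if (ch === "'") {
        if (next === "'") { value += "'"; i += 2; continue; } // '' -> '
        closed = true; i++; break;              // unescaped quote ends the literal
      }
      value += ch; i++;
    }
    literals.push({ value, closed });
  }
  return literals;
}

// A statement is only well-formed if every literal the scanner opened was closed.
// When a quote terminates a literal early, the original closing quote later opens
// a new literal that runs to end of input, which matches the server's "near ''" error.
function quotesBalance(sqlText, backslashEscapes) {
  return scanLiterals(sqlText, backslashEscapes).every((lit) => lit.closed);
}

// Constructed statements mirroring the three spellings seen in the issue.
const PREFIX = "INSERT INTO posts (body) VALUES (";
const STMT_DOUBLE_BACKSLASH = PREFIX + "'<p>Omie,</p><p>We aren\\\\'t in contact</p>')"; // aren\\'t (the failing output)
const STMT_SINGLE_BACKSLASH = PREFIX + "'<p>Omie,</p><p>We aren\\'t in contact</p>')";   // aren\'t  (what Connection.escape produces)
const STMT_DOUBLED_QUOTE    = PREFIX + "'<p>Omie,</p><p>We aren''t in contact</p>')";    // aren''t  (standard SQL doubling)
```

The `aren\\'t` form fails under both conventions, `aren\'t` is valid only when backslash escapes are enabled, and `aren''t` is valid under both; binding the value as a query parameter instead of inlining it into the statement text avoids depending on either convention.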

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 15 (9 by maintainers)

Most upvoted comments

There’s no way or need to do that. Thanks for the offer though 😊

Thank you! Sorry for that whole roller coaster. Is there some way I could buy you a coffee?