Esacpe \ with \\ for SQL?

Hi,

I think that it’'s a bug to esacpe \ with
within SQL queries. I did never heard of such a need and Wildfire seems to do this just when searching users. For me escapeForSQL() in org.jivesoftware.util.StringUtils seems for to be not necessary. So my account “a\b” is currently not found when I search for “a\b”.

If one would be so nice to point out my error or confirm that this is a Wildfire error I’'ll create an issue to get this fixed.

LG

UPD: no one?

Can you site a specific case? \ is an escape character in java strings so it needs to be escaped.

Alex

Hi Alex,

soemthing did change within Wildfire as searching does no work, maybe the ‘’’’ was handled somewhere else wrong. So the Stringbuilder.toString() may indeed require an esacped ‘’’’ for toString. And this is the place where no prepared statements are used while this would have been easy to implement.

The only problem I see now is http://server/user-search.jsp converts ‘’’’ to ‘’\5c’’ and is not able to find user “a\b”.

LG

UPD: It was “test\test@jivesoftware.com” - and one has still problems to find it within beta_2 while beta_3 is fine.