From a9e1cf3f51c6810dbd3605b48d82baddfe5a5b98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ju=CC=88rg=20Lehni?=
Date: Fri, 6 May 2011 19:59:37 +0100
Subject: [PATCH] Escape backslash (\) in SQL Strings as they can break queries unescaped.

---
 src/main/java/helma/objectmodel/db/DbMapping.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/helma/objectmodel/db/DbMapping.java b/src/main/java/helma/objectmodel/db/DbMapping.java
index 7cc3e5ac..208ec954 100644
--- a/src/main/java/helma/objectmodel/db/DbMapping.java
+++ b/src/main/java/helma/objectmodel/db/DbMapping.java
@@ -1580,7 +1580,7 @@ public final class DbMapping {
         String str = value == null ? null : value.toString();
         if (str == null) {
             return null;
-        } else if (str.indexOf("'") < 0) {
+        } else if (str.indexOf('\'') < 0 && str.indexOf('\\') < 0) {
             return str;
         }
@@ -1591,9 +1591,12 @@ public final class DbMapping {
             char c = str.charAt(i);
             if (c == '\'') {
-                sbuf.append('\'');
+                sbuf.append("\\'");
+            } else if (c == '\\') {
+                sbuf.append("\\\\");
+            } else {
+                sbuf.append(c);
             }
-            sbuf.append(c);
         }
         return sbuf.toString();
     }
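Review bot: Replacing the doubled quote with `sbuf.append("\\'");` in the second hunk makes the escaping correct only for databases that treat backslash as an escape character inside string literals (MySQL-style); under standard SQL, which is what most other JDBC backends implement by default, the backslash is a literal and the quote that follows it still terminates the string, so a value containing `'` would break the query on those backends where the previous `''` doubling worked. The backslash doubling added in the same branch is likewise a no-op or a corruption (it stores two backslashes) on standard-conforming backends. The portable choice is to keep `sbuf.append("''");` for the quote and only double backslashes when the mapping's backend is known to use backslash escaping, so a note such as `// backslash escaping is MySQL-specific; standard SQL only doubles the quote` would help the next reader; better still, the caller should bind the value with a PreparedStatement parameter so this routine is not on the query-construction path at all. The enclosing method begins before the first hunk, and the fast-path condition in that hunk (`indexOf('\'') < 0 && indexOf('\\') < 0`) is consistent with whichever escaping rule is finally chosen.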