Bug #13523 Unexpected implementation of backslash escape sequences in quoted values
Submitted: 27 Sep 2005 12:20 Modified: 14 Jun 2013 10:59
Reporter: David Reeve
Status: Closed
Category: Connector / ODBC Severity: S3 (Non-critical)
Version: ODBC 3.51 Driver OS: Windows (Win XP)
Assigned to: Bogdan Degtyariov CPU Architecture:Any

[27 Sep 2005 12:20] David Reeve
Description:
When a VALUES clause is submitted for varchar columns and the single-quoted value contains a backslash such as 'xyz\', the backslash is treated as the start of an escape sequence and requires a second backslash to complete the value, viz. 'xyz\\'. This requires the SQL submitted via ODBC to be different from the mysql command line environment and incompatible with the behaviour of other ODBC drivers for Access, SQL Server 2000, Access, Oracle and DataDirect.

The error reported when used without a second backslash (with mysqld 5.0 10a-beta-nt) is error 8 SQL syntax error. If the rejected SQL text is copied and pasted directly into mysql on the server it works as expected.

David Reeve

How to repeat:
I have a word document containing screen dumps of the SQL and the reported error, but I don't know how to include attachments in this bug report.
File can be sent later if you are interested and if you reply by email.
[28 Sep 2005 8:00] Vasily Kishkin
Could you please provide any rejected SQL query?
[28 Sep 2005 16:55] David Reeve
Word document with sample SQL and ODBC driver error

Attachment: MySQL_ODBC_bug2.doc (application/octet-stream, text), 74.00 KiB.

[28 Oct 2005 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[25 May 2006 21:11] Peter Deacon
Also see Bug #400 which was *opened over three years ago*. This is a serious problem and needs to be fixed. The reason I believe it's critical to resolve is it leaves a host of SQL injection vulnerabilities open to RDBMS-independent ODBC applications.
[29 May 2013 11:20] Bogdan Degtyariov
Needs re-checking.
[14 Jun 2013 10:59] Bogdan Degtyariov
The backslash escape is working correctly in the current versions of Connector/ODBC 5.2 and 5.1.
Closing the bug report.
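
The mismatch described in the report, and the reason the 2006 comment ties it to injection risk, shown as an added example that is not part of the bug thread or of Connector/ODBC: a small model of how one single-quoted literal is read when backslash is an ordinary character versus when it starts an escape sequence. Function names are hypothetical and the escape table is a reduced subset.

```python
# Added example: models two quoting rules for single-quoted SQL string literals.
# Function names are hypothetical; the backslash escape table is a reduced subset.
MYSQL_ESCAPES = {"0": "\0", "n": "\n", "r": "\r", "t": "\t", "b": "\b", "Z": "\x1a"}

def parse_literal(sql, backslash_escapes):
    """Parse one literal that starts at sql[0] == "'".

    Returns (decoded_value, chars_consumed), or None if the literal never closes.
    """
    assert sql.startswith("'")
    out, i = [], 1
    while i < len(sql):
        c = sql[i]
        if c == "'":
            if sql[i + 1:i + 2] == "'":      # '' is an escaped quote under both rules
                out.append("'")
                i += 2
                continue
            return "".join(out), i + 1       # closing quote
        if c == "\\" and backslash_escapes:
            if i + 1 >= len(sql):
                return None                  # dangling backslash at end of input
            nxt = sql[i + 1]
            out.append(MYSQL_ESCAPES.get(nxt, nxt))  # unknown escape yields the char itself
            i += 2
            continue
        out.append(c)
        i += 1
    return None                              # ran out of input: unterminated literal

def quote_doubling(value):
    """Escaping that is sufficient only when backslash is an ordinary character."""
    return "'" + value.replace("'", "''") + "'"

def portable(value):
    """True if the quote-doubled literal means the same thing under both rules."""
    lit = quote_doubling(value)
    expected = (value, len(lit))
    return parse_literal(lit, False) == expected and parse_literal(lit, True) == expected

if __name__ == "__main__":
    for v in ["xyz", "O'Brien", "xyz\\", "C:\\new\\table"]:   # constructed sample values
        verdict = "portable" if portable(v) else "NOT portable: bind it as a parameter"
        print(repr(v), verdict)
```

Binding values as statement parameters removes the dependence on either quoting rule; MySQL's `NO_BACKSLASH_ESCAPES` SQL mode makes the server treat backslash as an ordinary character.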