Robm
1
I am injecting a string of text into a MySQL database. The strong is dynamically generated by OpenAI and on occasion contains an apostrophe (').
This breaks the SQL command I am using to update the database.
What is the best way to either remove the apostrophe (so Unlock your team’s potential becomes Unlock your teams potential)
or
Keep the apostrophe but somehow stop if from breaking the sql command?
This is the command I am currently using the can’t handle the apostrophe
INSERT INTO {{ $('Google Sheets').item.json["DB Prefix"] }}_postmeta (post_id, meta_key, meta_value)
VALUES ({{ $('Post blog to WP').item.json["id"] }}, '_yoast_wpseo_metadesc', '{{ $('OpenAI Meta description').item.json["message"]["content"] }}');
The string that occasionly causes the issue is inserted with{{ $('OpenAI Meta description').item.json["message"]["content"] }}
have you tried escaping the single quote:
INSERT INTO {{ $('Google Sheets').item.json["DB Prefix"] }}_postmeta (post_id, meta_key, meta_value)
VALUES ({{ $('Post blog to WP').item.json["id"] }}, '_yoast_wpseo_metadesc', '{{ $('OpenAI Meta description').item.json["message"]["content"].replace("'", "''") }}');
2 Likes
jasony
4
You can escape the single quote by adding a double backslash:
"Unlock your team's potential".replace(/\'/g, "\\\'")
You should escape the SQL to also handle SQL injection attacks. This would be a more complete solution:
"Unlock your team's potential".replace(/\\/g, "\\\\")
.replace(/\'/g, "\\\'")
.replace(/\"/g, "\\\"")
.replace(/\n/g, "\\\n")
.replace(/\r/g, "\\\r")
.replace(/\x00/g, "\\\x00")
.replace(/\x1a/g, "\\\x1a");
Source: What is the equivalent javascript code for php's mysql_real_escape_string()? - Stack Overflow
3 Likes
Robm
5
Thanks! Quick help appreciated.
2 Likes
system
Closed
6
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.