From e78d696dd90a039d332c783d4411b4f2b207fdd9 Mon Sep 17 00:00:00 2001
From: Arjen Baart
Date: Sat, 14 Mar 2015 10:41:30 +0100
Subject: [PATCH] Bugfix: Use '' instead of \' to escape single quotes in SQL
---
 src/gcm_input/string_utils.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/gcm_input/string_utils.cpp b/src/gcm_input/string_utils.cpp
index 10696ad..90a4efd 100644
--- a/src/gcm_input/string_utils.cpp
+++ b/src/gcm_input/string_utils.cpp
@@ -20,7 +20,7 @@
 ********************************
 ** ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
 ** CREATION DATE : Jul 31, 2003
-** LAST UPDATE : Jul 31, 2003
+** LAST UPDATE : Mar 14, 2015
 ** MODIFICATIONS :
 **************************************************************************/
@@ -49,13 +49,13 @@ static const char *RCSID = "$Id: string_utils.cpp,v 1.3 2003-12-04 09:57:35 arje
 ** PARAMETERS :
 ** RETURN VALUE :
 **
-** DESCRIPTION : Insert backslashes before single quotes.
+** DESCRIPTION : Double backslashes and single quotes as per SQL syntax.
 **
 ** VARS USED :
 ** VARS CHANGED :
 ** FUNCTIONS USED :
 ** SEE ALSO :
-** LAST MODIFIED :
+** LAST MODIFIED : Mar 14, 2015
 **=========================================================================
 */
@@ -65,11 +65,16 @@ String SQL_Escape(String s)
 for (i = 0; i < ~s; i++)
 {
- if (s[i] == '\'' || s[i] == '\\')
+ if (s[i] == '\\')
 {
 s(i,0) = "\\";
 i++;
 }
+ if (s[i] == '\'')
+ {
+ s(i,0) = "'";
+ i++;
+ }
 }
 return s;
-- 2.11.0
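Review bot: The backslash branch kept in the SQL_Escape loop is only correct when the server treats a backslash inside a quoted literal as an escape character. Under standard-conforming string handling the doubled backslash is stored as two characters, so the function's output still depends on a server setting the code never checks. Because the escaped string is presumably concatenated into SQL text, the safer direction is bound parameters or the client library's connection-aware escaping routine rather than hand-rolled doubling. At minimum, state the assumption in the header comment, e.g. `** NOTE : assumes backslash is an escape character in string literals on the target server`. A smaller style point: the second test would read better as `else if (s[i] == '\'')`, since after the first branch's `i++` the index sits on the original backslash and the quote test cannot match. The function's opening lines fall outside the hunk.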