[Cubicweb] escape for RQL insertion

Dimitri Papadopoulos Orfanos dimitri.papadopoulos at cea.fr
Wed Oct 30 09:12:01 CET 2013

Dear all,

After some research, here are my findings on inserting literal values 
using RQL:

1. Quotes must be escaped using a backslash. If using double quotes to 
delimit values to insert, escape only double quotes. If using simple 
quotes to delimit values to insert, escape only simple quotes.

2. In most cases the backslash need not be escaped, with a single 
exception for strings containing:
If only the quote is escaped :
the result is an RQL error. Both the backslash and the quote need be 

Therefore my suggestion is, always escape backslashes and quotes (double 
or simple depending on whether double or single quotes are used to 
delimit values to insert). Note that Python by itself requires 
additional escaping! Here is a function for each case:

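     def escape_double_quote(s):
         # For values delimited by double quotes in the RQL string.
         # Backslashes are doubled first, so the backslashes added for
         # the quotes on the next line are not doubled again.
         s = s.replace('\\', '\\\\')
         s = s.replace('"', '\\"')
         return s

     def escape_simple_quote(s):
         # For values delimited by single quotes in the RQL string.
         s = s.replace('\\', '\\\\')
         s = s.replace("'", "\\'")
         return s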

Dimitri Papadopoulos
I2BM, NeuroSpin
91191 Gif-sur-Yvette cedex, France
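
The following is an added example, not part of the original message: it runs the message's escape_double_quote and a quote-only variant through a minimal literal reader to show why the backslash has to be escaped along with the quote. The reader read_literal, the helpers escape_quote_only and round_trips, and the sample values are assumptions constructed for illustration; the reader is a simplified stand-in, not CubicWeb's RQL parser.

```python
def escape_quote_only(s):
    """Incomplete escaping: double quotes only, backslashes untouched."""
    return s.replace('"', '\\"')

def escape_double_quote(s):
    """Escaping from the message: backslashes first, then double quotes."""
    return s.replace('\\', '\\\\').replace('"', '\\"')

def read_literal(text):
    """Read one double-quoted literal from the start of text.

    Assumed lexer rule: a backslash escapes a following backslash or
    double quote; any other backslash is kept as-is.
    Returns (value, remaining_text); raises ValueError if unterminated.
    """
    if not text.startswith('"'):
        raise ValueError("literal must start with a double quote")
    out, i = [], 1
    while i < len(text):
        c = text[i]
        if c == '\\' and text[i + 1:i + 2] in ('\\', '"'):
            out.append(text[i + 1])   # escaped backslash or quote
            i += 2
        elif c == '"':
            return ''.join(out), text[i + 1:]   # closing delimiter
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated literal")

def round_trips(value, escape):
    """True if the escaped, quoted value reads back exactly, nothing left over."""
    try:
        return read_literal('"' + escape(value) + '"') == (value, '')
    except ValueError:
        return False

# Constructed sample values (Python source escaping shown, as the message notes).
SAMPLES = ['plain', 'say "hi"', 'C:\\temp\\', 'a\\"b', '\\']

if __name__ == "__main__":
    for v in SAMPLES:
        print(repr(v),
              "quote-only:", round_trips(v, escape_quote_only),
              "backslash+quote:", round_trips(v, escape_double_quote))
```

With quote-only escaping, a value containing a backslash directly before a quote closes the literal early and leaves the remainder outside it, and a value ending in a backslash swallows the closing delimiter.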

