Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Escape a single quote in a shell variable

Tags:

bash

shell

I wrote a Bash script to insert values to an SQLite database. The command is as follows:

sqlite3 ${db_name} "insert into ${table_name} (${column1},${column2}) values ('$f1','$f2');"

This command works fine until the f1 variable contains a single quote:

# E.g., f1="I'm just kidding"
# The command reported an error:
Error: near "m": syntax error

How can we escape the single quote inside the variable?

like image 658
Dien Nguyen Avatar asked Oct 26 '25 23:10

Dien Nguyen

2 Answers

To escape a single quote for SQL, you double it (https://www.sqlite.org/faq.html#q14):

$ f1="I'm just kidding"
$ echo "${f1//\'/''}"
I''m just kidding
$ f2="no single quotes"
$ echo "${f2//\'/''}"
no single quotes

So

sqlite3 ${db_name} "insert into ${table_name} (${column1},${column2}) values ('${f1//\'/''}','${f2//\'/''}');"
like image 94
glenn jackman Avatar answered Oct 28 '25 12:10

glenn jackman

From Bash, you can use ${varname//x/y} to replace all instances of x with y in the varname variable.

sqlite3 ${db_name} "insert into ${table_name} (${column1},${column2}) values ('${f1//\'/\'}','${f2//\'/\'}');"

will replace any ' with ' though @ignacioVazquez-Abrams has the best answer as the PHP, Perl, and Python implementations all have modules to help sanitise input.

like image 28
peteches Avatar answered Oct 28 '25 13:10

peteches
Sign in to Comment

Related questions

How to add suffix to mogrify - imagemagick

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!