Why doesn't URI.escape
escape single quotes?
URI.escape("foo'bar\" baz")
=> "foo'bar%22%20baz"
No escaping is used with single quotes. Use a double backslash as the escape character for backslash.
We can use the backslash ( \ ) escape character to prevent JavaScript from interpreting a quote as the end of the string. The syntax of \' will always be a single quote, and the syntax of \" will always be a double quote, without any fear of breaking the string.
The simplest method to escape single quotes in SQL is to use two single quotes. For example, if you wanted to show the value O'Reilly, you would use two quotes in the middle instead of one. The single quote is the escape character in Oracle, SQL Server, MySQL, and PostgreSQL.
' means "HTML Code for an Apostrophe."
For the same reason it doesn't escape ?
or /
or :
, and so forth. URI.escape()
only escapes characters that cannot be used in URLs at all, not characters that have a special meaning.
What you're looking for is CGI.escape()
:
require "cgi"
CGI.escape("foo'bar\" baz")
=> "foo%27bar%22+baz"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With