I was concerning myself more with the text field, and “large text inputs” by the “insert into” statement. I figured I’d be pretty safe if I encoded the whole text like you would encode html text, and then encode that text back again (Think enocoding AppleScripts or url’s for that matter). Then I thought, as long as I don’t change encoding on my machine between runs, then I’d be pretty safe, and independent of what encoding the mysql database uses on its side of things too.
Edit
Just to clear up something.
I didn’t mean that mysql didn’t use a socket when mysql was local, I meant when the socket pointed to somewhere else, maybe that should have been clearer written, hindsightly. I am no expert on sockets (though I have used them on at least one C-project), but you can’t escape them when setting up mysql connections.
Now, that is a scheme that may work perfectly well, as long as you can guarantee, that there will be no smart quotes or back ticks in the text you are encoding.
Unfortunately, I won’t go near PHP (yech) and Ruby doesn’t have any hooks to grab current tab title and current tab url of Safari. I would have gone to Ruby well before AppleScript.
In any case, sorry for the delay in posting. I just got back to this and have eradicated quotations altogether.
Since you haven’t post the query you want to escape I have posted an non-working dummy query to show how to use variables in a query. Obviously it won’t work on your machine
"SELECT * FROM `urls` WHERE `title` = 'John\\'s bike' AND `url` = 'Administrator\\'s file'"
That is invalid SQL. That is your very example.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's bike' AND `url` = 'Administrator\\'s file'' at line 1
I have no idea what’s going wrong on your machine but when I add the option -D (to get rid of no-database-selected error) and select any database, I get the error table “table” does not exist, the query itself is just fine. Also the query created by my script doesn’t look as you describes but looks like:
'SELECT * FROM `table` WHERE `field1` = '\\''John\\'\\''s bike'\\'' AND `field2` = '\\''Administrator\\'\\''s file'\\'''
