From 94ead6fc982ab87c390bc0548a1fb878dc82ad78 Mon Sep 17 00:00:00 2001
From: Scott Gress <scott@fleetdm.com>
Date: Thu, 24 Jul 2025 07:54:06 -0500
Subject: [PATCH] fix: update escape character for sqlite

---
 pegjs/sqlite.pegjs  | 19 ++-----------------
 test/sqlite.spec.js |  8 ++++++--
 2 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/pegjs/sqlite.pegjs b/pegjs/sqlite.pegjs
index 7fc239d2..ba96572b 100644
--- a/pegjs/sqlite.pegjs
+++ b/pegjs/sqlite.pegjs
@@ -2655,26 +2655,11 @@ single_quote_char
   / escape_char
 
 single_char
-  = [^'\\] // remove \0-\x1F\x7f pnCtrl char [^'\\\0-\x1F\x7f]
+  = [^'] // remove \0-\x1F\x7f pnCtrl char [^'\\\0-\x1F\x7f]
   / escape_char
 
 escape_char
-  = "\\'"  { return "\\'";  }
-  / '\\"'  { return '\\"';  }
-  / "\\\\" { return "\\\\"; }
-  / "\\/"  { return "\\/";  }
-  / "\\b"  { return "\b"; }
-  / "\\f"  { return "\f"; }
-  / "\\n"  { return "\n"; }
-  / "\\r"  { return "\r"; }
-  / "\\t"  { return "\t"; }
-  / "\\u" h1:hexDigit h2:hexDigit h3:hexDigit h4:hexDigit {
-      return String.fromCharCode(parseInt("0x" + h1 + h2 + h3 + h4));
-    }
-  / "\\" { return "\\"; }
-  / "''" { return "''" }
-  / '""' { return '""' }
-  / '``' { return '``' }
+  = "''"
 
 line_terminator
   = [\n\r]
diff --git a/test/sqlite.spec.js b/test/sqlite.spec.js
index e46d8fe4..fa2d9344 100644
--- a/test/sqlite.spec.js
+++ b/test/sqlite.spec.js
@@ -266,8 +266,12 @@ describe('sqlite', () => {
     })
   })
   it('should support LIKE with ESCAPE', () => {
-    const sql = `SELECT * FROM table_name WHERE column_name LIKE '%pattern%' ESCAPE '\'`
-    expect(getParsedSql(sql)).to.be.equal(`SELECT * FROM "table_name" WHERE "column_name" LIKE '%pattern%' ESCAPE '\'`)
+    const sql = `SELECT * FROM table_name WHERE column_name LIKE '%pattern%' ESCAPE 'x'`
+    expect(getParsedSql(sql)).to.be.equal(`SELECT * FROM "table_name" WHERE "column_name" LIKE '%pattern%' ESCAPE 'x'`)
+  })
+  it('should allow single backslash without escaping', () => {
+    const sql = `SELECT * FROM table_name WHERE column_name LIKE '\\_%' ESCAPE '\\'`
+    expect(getParsedSql(sql)).to.be.equal(`SELECT * FROM "table_name" WHERE "column_name" LIKE '\\_%' ESCAPE '\\'`)
   })
   it('should support string concatenation in LIKE opts', () => {
     const sql = `SELECT * FROM file WHERE path LIKE 'C:' || CHAR(92) || 'Users' || CHAR(92) || 'example.txt'`