Tweaking escape syntax

Author: Paultagoras

jdbc-v2/src/main/java/com/clickhouse/jdbc/PreparedStatementImpl.java

@@ -556,6 +556,6 @@ private static String encodeObject(Object x) throws SQLException {
     }
 
     private static String escapeString(String x) {
-        return x.replace("'", "''");//Escape single quotes
+        return x.replace("\\", "\\\\").replace("'", "\\'");//Escape single quotes
     }
 }

jdbc-v2/src/test/java/com/clickhouse/jdbc/PreparedStatementTest.java

@@ -239,4 +239,19 @@ public void testPrimitiveArrays() throws Exception {
             }
         }
     }
+
+
+    @Test(groups = { "integration" })
+    public void testEscapeStrings() throws Exception {
+        try (Connection conn = getJdbcConnection()) {
+            try (PreparedStatement stmt = conn.prepareStatement("SELECT FALSE OR ? = 'test'")) {
+                stmt.setString(1, "test\\\\' OR 1 = 1 --");
+                try (ResultSet rs = stmt.executeQuery()) {
+                    assertTrue(rs.next());
+                    assertEquals(rs.getString(1), "false");
+                    assertFalse(rs.next());
+                }
+            }
+        }
+    }
 }