From 0efb7ee5f820de3b805a9ccd5541ed1b4082e04a Mon Sep 17 00:00:00 2001
From: Steve Kieffer
Date: Tue, 4 Jan 2022 17:37:43 -0500
Subject: [PATCH] Escape backslashes in parameter strings.
---
 redisgraph/util.py | 1 +
 tests/functional/test_all.py | 23 +++++++++++++++++++++++
 tests/unit/test_util.py | 11 ++++++-----
 3 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/redisgraph/util.py b/redisgraph/util.py
index 36f0f11..97ff9ce 100644
--- a/redisgraph/util.py
+++ b/redisgraph/util.py
@@ -25,6 +25,7 @@ def quote_string(v):
 if len(v) == 0:
 return '""'
+ v = v.replace('\\', '\\\\')
 v = v.replace('"', '\\"')
 return '"{}"'.format(v)
diff --git a/tests/functional/test_all.py b/tests/functional/test_all.py
index 5aeb210..0870507 100644
--- a/tests/functional/test_all.py
+++ b/tests/functional/test_all.py
@@ -101,6 +101,29 @@ def test_path(self):
 # All done, remove graph.
 redis_graph.delete()
+ def test_properties_with_escapes(self):
+ redis_graph = Graph('props', self.r)
+
+ message = r'This raw string has \ a backslash character in it.'
+ params = {'message': message}
+ query = """CREATE (:Foo {message: $message})"""
+ redis_graph.query(query, params)
+
+ query = """MATCH (u:Foo) RETURN u.message"""
+ result = redis_graph.query(query)
+ self.assertEqual(result.result_set[0][0], message)
+
+ message = r'This raw string has \" a quote preceded by backslash.'
+ params = {'message': message}
+ query = """CREATE (:Bar {message: $message})"""
+ redis_graph.query(query, params)
+
+ query = """MATCH (u:Bar) RETURN u.message"""
+ result = redis_graph.query(query)
+ self.assertEqual(result.result_set[0][0], message)
+
+ redis_graph.delete()
+
 def test_param(self):
 redis_graph = Graph('params', self.r)
diff --git a/tests/unit/test_util.py b/tests/unit/test_util.py
index 4d524d4..058f412 100644
--- a/tests/unit/test_util.py
+++ b/tests/unit/test_util.py
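Review bot: The added `v = v.replace('\\', '\\\\')` in quote_string is only correct because it runs before the quote replacement, and nothing in the function records that ordering. If the two calls were ever swapped, the backslash inserted in front of each `"` would itself be doubled and the quote would close the string literal early, which appears to be the problem this commit addresses. I would put a comment above the new line: `# Escape backslashes before quotes; otherwise the backslash added for each quote would be doubled.` quote_string begins above this hunk, so its earlier branches are not visible here.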
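Review bot: Neither message in test_properties_with_escapes ends in a backslash, and that is the input where a missed escape would swallow the closing quote that quote_string appends. A Python raw string cannot end in a single backslash, so the case needs an ordinary literal, for example `message = 'This string ends with a backslash \\'`, sent through the same CREATE/MATCH round trip. The same case is missing from test_quote_string in tests/unit/test_util.py, where `self.assertEqual(util.quote_string('foo\\'), r'"foo\\"')` would pin it.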
@@ -12,11 +12,12 @@ def test_random_string(self):
 def test_quote_string(self):
 self.assertEqual(util.quote_string(10), 10)
- self.assertEqual(util.quote_string("abc"), '"abc"')
- self.assertEqual(util.quote_string(""), '""')
- self.assertEqual(util.quote_string('\"'), '"\\\""')
- self.assertEqual(util.quote_string('"'), '"\\""')
- self.assertEqual(util.quote_string('a"a'), '"a\\"a"')
+ self.assertEqual(util.quote_string('abc'), '"abc"')
+ self.assertEqual(util.quote_string(''), '""')
+ self.assertEqual(util.quote_string('"'), r'"\""')
+ self.assertEqual(util.quote_string(r'foo \ bar'), r'"foo \\ bar"')
+ self.assertEqual(util.quote_string(r'foo \" bar'), r'"foo \\\" bar"')
+ self.assertEqual(util.quote_string('a"a'), r'"a\"a"')
 def test_stringify_param_value(self):
 cases = [