Fix escape_for_sql method

[juananpe]

The previous version was quite broken:

WhatWeb/lib/logging/sql.rb

Lines 46 to 53 in 3e7d5ee

	def escape_for_sql(s)
	s = s.to_s
	if s.nil?
	"''"
	else
	"'" + s.tr("'", "\'") + "'"
	end
	end

Specifically, this line is not doing what we suppose it'll do:

"'" + s.tr("'", "\'") + "'"

Apparently, it seems that a string like escape'me would be translated to escape\'me but that's not the case:

2.7.2 :055 > "escape'me".tr("'","\'")
 => "escape'me"

You can find a good explanation of why here.

So the escape_for_sql method wasn't really escaping anything o_O

Finally, I think that this if branch is unneded:

WhatWeb/lib/logging/sql.rb

Lines 48 to 50 in 3e7d5ee

	if s.nil?
	"''"
	else

In fact, nil.to_s surprisingly works (it would be a clear npe exception in Java!) and casts nil to an empty string "", making the whole if block superfluous.

2.7.2 :046 > b=nil
 => nil
2.7.2 :047 > b.nil?
 => true
2.7.2 :049 > b.to_s
 => ""
2.7.2 :050 > b.to_s.nil?
 => false

[urbanadventurer]

Thanks @juananpe! I really like how detailed you were with this bug! There must not have been many people using the SQL logging for this issue to have gone unnoticed for so long!