QuoteString() only escapes the first special character of each type in a string #25
Description
QuoteString() uses the string.replace() method to escape special characters, but passes the patterns to it as strings. When the pattern is given as a string, only the first instance of the pattern is replaced.
The patterns need to be converted to regex patterns/objects in order for every instance to be replaced properly. For example, string = string.replace("'", "''"); becomes string = string.replace(/'/g, "''");.
I'm preparing a PR and will be submitting it soon if you'd be willing to accept it.