add column escaper function

2024-07-18 17:03:32 +02:00 · 2024-07-18 17:03:32 +02:00 · 6754905f24
commit 6754905f24
parent 6c9e1cfd06
3 changed files with 19 additions and 5 deletions
--- a/app/app.go
+++ b/app/app.go
@ -170,7 +170,7 @@ func (a *App) UpdateRows(c config.SchemaConfigAction, globalColumns map[string]s
 					updates = append(updates, database.GetNamedParameter(a.DbConfig.Type, col, len(values)+1))
 					values[len(values)+1] = value.FinalValue()
 				} else {
-					updates = append(updates, fmt.Sprintf("%s=%s", col, value.FinalValue()))
+					updates = append(updates, fmt.Sprintf("%s=%s", database.EscapeColumn(a.DbConfig.Type, col), value.FinalValue()))
 				}
 			}
 		}
@ -179,7 +179,7 @@ func (a *App) UpdateRows(c config.SchemaConfigAction, globalColumns map[string]s
 			value := row[col]

 			if !value.IsString || value.IsNull {
-				pkeys = append(pkeys, fmt.Sprintf("%s=%s", col, value.FinalValue()))
+				pkeys = append(pkeys, fmt.Sprintf("%s=%s", database.EscapeColumn(a.DbConfig.Type, col), value.FinalValue()))
 			} else {
 				pkeys = append(pkeys, database.GetNamedParameter(a.DbConfig.Type, col, len(values)+1))
 				values[len(values)+1] = value.FinalValue()
--- a/database/database.go
+++ b/database/database.go
@ -15,12 +15,16 @@ func EscapeTable(dbType, table string) string {
 	return fmt.Sprintf("\"%s\"", table)
 }

+func EscapeColumn(dbType, col string) string {
+	return EscapeTable(dbType, col)
+}
+
 func GetNamedParameter(dbType, col string, number int) string {
 	if dbType == "mysql" {
-		return fmt.Sprintf("%s=?", col)
+		return fmt.Sprintf("%s=?", EscapeColumn(col))
 	}

-	return fmt.Sprintf("%s=$%d", col, number)
+	return fmt.Sprintf("%s=$%d", EscapeColumn(col), number)
 }

 func IsPgNumberType(value string) bool {
@ -80,7 +84,7 @@ func GetRows(db *sql.DB, query, table, dbType string) map[int]map[string]data.Da
 			if value != nil {
 				if dbType == "postgres" {
 					if len(columnsTypes[col]) == 0 {
-						typeQuery := fmt.Sprintf("SELECT pg_typeof(%s) as value FROM %s", col, EscapeTable(dbType, table))
+						typeQuery := fmt.Sprintf("SELECT pg_typeof(%s) as value FROM %s", EscapeColumn(dbType, col), EscapeTable(dbType, table))
 						db.QueryRow(typeQuery).Scan(&typeValue)
 						columnsTypes[col] = typeValue
 					}
--- a/database/database_test.go
+++ b/database/database_test.go
@ -14,6 +14,16 @@ func TestEscapeTable(t *testing.T) {
 	}
 }

+func TestEscapeColumn(t *testing.T) {
+	if EscapeColumn("mysql", "foo") != "`foo`" {
+		t.Fatalf("TestEscapeColumn: mysql check failed")
+	}
+
+	if EscapeTable("postgres", "foo") != "\"foo\"" {
+		t.Fatalf("TestEscapeColumn: postgres check failed")
+	}
+}
+
 func TestGetNamedParameter(t *testing.T) {
 	if GetNamedParameter("mysql", "foo", 1) != "foo=?" {
 		t.Fatalf("TestGetNamedParameter: mysql check failed")