From c8f74aae5a1fc534e5f270063b1ebe9eb16b6fce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mehmet=20Emin=20KARAKA=C5=9E?= Date: Mon, 28 Dec 2020 00:31:37 +0300 Subject: [PATCH] Correctly handle column names that need escaping in INSERT and UPDATE statements (#164) Examples: INSERT INTO "x" ("user") VALUES ('abc') UPDATE "x" SET "user" = 'MEK' --- lib/pg_query/deparse.rb | 4 ++-- spec/lib/pg_query/deparse_spec.rb | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/lib/pg_query/deparse.rb b/lib/pg_query/deparse.rb index 5e7f1224..4e30e647 100644 --- a/lib/pg_query/deparse.rb +++ b/lib/pg_query/deparse.rb @@ -393,7 +393,7 @@ def deparse_restarget(node, context) if context == :select [deparse_item(node['val']), deparse_identifier(node['name'])].compact.join(' AS ') elsif context == :update - [node['name'], deparse_item(node['val'])].compact.join(' = ') + [deparse_identifier(node['name']), deparse_item(node['val'])].compact.join(' = ') elsif node['val'].nil? node['name'] else @@ -1202,7 +1202,7 @@ def deparse_insert_into(node) if node['cols'] output << '(' + node['cols'].map do |column| - deparse_item(column) + deparse_item(column, :select) end.join(', ') + ')' end diff --git a/spec/lib/pg_query/deparse_spec.rb b/spec/lib/pg_query/deparse_spec.rb index f72b1bd6..2dd27bc3 100644 --- a/spec/lib/pg_query/deparse_spec.rb +++ b/spec/lib/pg_query/deparse_spec.rb @@ -599,6 +599,12 @@ it { is_expected.to eq query } end + context 'special column name' do + let(:query) { 'INSERT INTO "x" ("user") VALUES (\'abc\')' } + + it { is_expected.to eq query } + end + context 'with RETURNING' do let(:query) { 'INSERT INTO "x" (y, z) VALUES (1, \'abc\') RETURNING "id"' } @@ -770,6 +776,12 @@ it { is_expected.to eq oneline_query } end + + context 'special column name' do + let(:query) { "UPDATE \"x\" SET \"user\" = 'emin'" } + + it { is_expected.to eq query } + end end context 'DELETE' do