From 75b74f6d5d38b06fe8a6352bb50443609085ad4d Mon Sep 17 00:00:00 2001
From: Daniel Hensby <daniel.hensby@bidbax.no>
Date: Thu, 16 Mar 2023 11:12:55 +0000
Subject: [PATCH] fix: quote sqlv8 values

---
 CHANGELOG.txt                      |  4 ++++
 lib/msnodesqlv8/connection-pool.js | 11 +++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 959a0945..cc3a2251 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,7 @@
+v9.1.3 (2023-??-??)
+-------------------
+[fix] Escape values that are added to the msnodesqlv8 connection string that we construct ((#1479)[https://github.com/tediousjs/node-mssql/pull/1479])
+
 v9.1.2 (2023-08-01)
 -------------------
 [fix] Support more named instance formats ([#1520](https://github.com/tediousjs/node-mssql/pull/1520))
diff --git a/lib/msnodesqlv8/connection-pool.js b/lib/msnodesqlv8/connection-pool.js
index c2b5ae5d..217781f4 100644
--- a/lib/msnodesqlv8/connection-pool.js
+++ b/lib/msnodesqlv8/connection-pool.js
@@ -38,8 +38,15 @@ class ConnectionPool extends BaseConnectionPool {
             return this.config.options.trustedConnection ? 'Yes' : 'No'
           case 'encrypt':
             return this.config.options.encrypt ? 'Yes' : 'No'
-          default:
-            return this.config[key] != null ? this.config[key] : ''
+          default: {
+            let val = this.config[key] || ''
+            // quote strings that contain '{' or '}' but not ones that start and end with them (assume they are already quoted)
+            if (val && typeof val === 'string' && !(val.startsWith('{') && val.endsWith('}')) && (val.indexOf('{') !== -1 || val.indexOf('}') !== -1)) {
+              // quote values in `{}` and escape any existing `}` chars
+              val = `{${val.replace(/}/g, '}}')}}`
+            }
+            return val
+          }
         }
       })