From acb8a47911a4cdb2f30d26e057dcf5f36dc97a34 Mon Sep 17 00:00:00 2001
From: pedrocarlo
Date: Tue, 3 Jun 2025 14:52:35 -0300
Subject: [PATCH] sanitize string for ast::Literal
---
 vendored/sqlite3-parser/src/to_sql_string/expr.rs | 8 +++++++-
 vendored/sqlite3-parser/src/to_sql_string/stmt/select.rs | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/vendored/sqlite3-parser/src/to_sql_string/expr.rs b/vendored/sqlite3-parser/src/to_sql_string/expr.rs
index 7727543da..bb4cf4296 100644
--- a/vendored/sqlite3-parser/src/to_sql_string/expr.rs
+++ b/vendored/sqlite3-parser/src/to_sql_string/expr.rs
@@ -369,6 +369,12 @@ impl Display for ast::LikeOperator {
 }
 }
+/// Sanitaizes a string literal by removing single quote at front and back
+/// and escaping double single quotes
+pub fn sanitize_string(input: &str) -> String {
+ input[1..input.len() - 1].replace("''", "'").to_string()
+}
+
 impl Display for ast::Literal {
 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 write!(
@@ -382,7 +388,7 @@ impl Display for ast::Literal {
 Self::Keyword(keyword) => keyword.clone(),
 Self::Null => "NULL".to_string(),
 Self::Numeric(num) => num.clone(),
- Self::String(s) => s.clone(),
+ Self::String(s) => format!("'{}'", sanitize_string(s)),
 }
 )
 }
diff --git a/vendored/sqlite3-parser/src/to_sql_string/stmt/select.rs b/vendored/sqlite3-parser/src/to_sql_string/stmt/select.rs
index 240c490b4..84781b1be 100644
--- a/vendored/sqlite3-parser/src/to_sql_string/stmt/select.rs
+++ b/vendored/sqlite3-parser/src/to_sql_string/stmt/select.rs
@@ -77,6 +77,7 @@ impl ToSqlString for ast::OneSelect {
 impl ToSqlString for ast::SelectInner {
 fn to_sql_string(&self, context: &C) -> String {
+ dbg!(&self);
 let mut ret = Vec::with_capacity(2 + self.columns.len());
 ret.push("SELECT".to_string());
 if let Some(distinct) = self.distinctness {
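Review bot: `sanitize_string` (expr.rs, first hunk) slices `input[1..input.len() - 1]` without checking the input, so an empty string, a one-character string, or a value whose first or last character is multi-byte panics; because it is called from `Display::fmt`, formatting a literal can abort the caller. It also never verifies that the two characters it drops are actually single quotes. I would write the body as `input.strip_prefix('\'').and_then(|s| s.strip_suffix('\'')).unwrap_or(input).replace("''", "'")`, which also drops the redundant trailing `.to_string()`. The doc comment should say what the function does, e.g. `/// Strips the surrounding single quotes from a string literal and collapses each doubled quote ('') into one.`, since it unescapes rather than escapes and "Sanitaizes" is a typo.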
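Review bot: In the `Self::String` arm of `Display for ast::Literal` (expr.rs, second hunk) the value is unescaped by `sanitize_string` and then wrapped in quotes again without re-doubling embedded quotes, so a literal stored as `'it''s'` is printed as `'it's'`. That output is no longer a single string token; if the rendered SQL is parsed or executed again, which seems likely for a to-SQL routine, the text after the inner quote is read as SQL rather than data. Either re-escape on output, `Self::String(s) => format!("'{}'", sanitize_string(s).replace('\'', "''")),`, or keep emitting the stored text unchanged if it always carries its own quotes. A round-trip test with a literal containing `''` would pin the intended behaviour. The `fmt` body starts and ends outside the hunk.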
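Review bot: `dbg!(&self);` at the top of `SelectInner::to_sql_string` (select.rs) looks like a leftover debugging aid and should be removed before merge. `dbg!` is not compiled out of release builds, so every call writes the whole `SelectInner` tree to stderr, copying any literal values in the query (possibly user data) into whatever captures the process output. If a trace is wanted here, route it through the project's logging at debug or trace level instead. The function body continues past the end of the hunk.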