`.dump` doesn't properly escape strings with single quotes
CodingDoug opened this issue · comments
→ create table t (t text);
→ insert into t values ("x'x");
→ .dump
PRAGMA foreign_keys=OFF;
CREATE TABLE t (t text);
INSERT INTO t VALUES ('x'x');
That last insert has a SQL syntax error.
Looks like the problem is that this function is doing straight string concatenation (here and many other places) to build outputs:
https://github.com/libsql/libsql-shell-go/blob/main/internal/shellcmd/dump.go#L74-L92
Digging down to the bottom:
https://github.com/libsql/libsql-shell-go/blob/main/internal/db/formatter.go#L82-L84
func (s SQLiteFormatter) formatString(value string) string {
return fmt.Sprintf("'%v'", value)
}