`.dump` doesn't properly escape strings with single quotes

Question

CodingDoug opened this issue a year ago · comments

→  create table t (t text);
→  insert into t values ("x'x");
→  .dump
PRAGMA foreign_keys=OFF;
CREATE TABLE t (t text);
INSERT INTO t VALUES ('x'x');

That last insert has a SQL syntax error.

Doug Stevenson · Answer 1 · Tue Aug 01 2023 02:10:51 GMT+0800 (China Standard Time)

Looks like the problem is that this function is doing straight string concatenation (here and many other places) to build outputs:

Digging down to the bottom:

func (s SQLiteFormatter) formatString(value string) string {
	return fmt.Sprintf("'%v'", value)
}