Closed hicaro closed 3 years ago
I'm usually very picky about quoting identifiers in SQL. For some reason I didn't bother in this case. That's kind of embarrasing.
I just added psycopg2.sql
which solves this kind of problem in a very nice way:
cursor.execute(sql.SQL('DROP DATABASE {}').format(sql.Identifier(dbname)))
This even fixes the support for silly database names like sql"njection
.
I just release tusker 0.3.4
which includes this fix: https://pypi.org/project/tusker/0.3.4/
Thanks for reporting this.
@bikeshedder that was a way better solution! I just upgraded it and it works like a champ. Thank you very much!
Hi 👋🏻!
First of all, thank you very much for this great tool you put together. Such a neat utility to keep the schema and migrations in sync.
I am having an issue running
tusker diff
. It errs out when dropping the tables automatically created by the tool. This is the error I am encountering:It is coming from line 74 of the
__init.py__
file.My database name follows the
my-db-name
pattern. The name needs to be wrapped in double-quotes as:I see that all the other instances in the file with a DATABASE command are already wrapped in quotes.