jhc-systems / sqlest

Write SQL in Scala
https://jhc-systems.github.io/sqlest/latest/api/
Apache License 2.0

Bobby Tables #83

Open brendanator opened 7 years ago

brendanator commented 7 years ago

I suspect the escaping of constant sql strings is not fully safe

I think `\` needs escaping too, or else it can be used to escape a single quote:

`select().from(MyTable).where(MyTable.field === "\\'; drop bobby tables".const)`

As long as const strings are not used for user values this shouldn't ever be a problem

Don't know if this is an issue for DB2 but it would be for MySQL: https://dev.mysql.com/doc/refman/5.7/en/string-literals.html
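Added example, not code from the issue or from sqlest: a Python model of the two escaping strategies, checked against a small scanner that applies MySQL's default string-literal rules (backslash is an escape character, `''` is a doubled quote). `build_query` is a hypothetical stand-in for how a `.const` value ends up spliced into the statement text; the payload and the `DROP TABLE` statement are constructed for the demonstration. The `backslash_escapes=False` switch models a dialect that does not treat backslash as an escape (MySQL's NO_BACKSLASH_ESCAPES mode; whether DB2 falls in this group is left open in the issue), which shows that the escaper has to match the dialect in both directions.

```python
# Added example (not sqlest code): why doubling single quotes alone is not a
# safe escape when the database treats backslash as an escape character, as
# MySQL does by default.

# Constructed attacker-controlled value: a backslash, a quote, then a second
# statement. In Python source "\\'" is the two characters  \'  .
PAYLOAD = "\\'; DROP TABLE students; -- "


def escape_quote_only(s: str) -> str:
    """Naive escaper: double every single quote, leave backslashes alone."""
    return s.replace("'", "''")


def escape_quote_and_backslash(s: str) -> str:
    """Escaper for backslash-aware dialects: double the backslash first, then
    the quote, so an attacker-supplied backslash can never eat the quote."""
    return s.replace("\\", "\\\\").replace("'", "''")


def build_query(escaper, value: str) -> str:
    """Hypothetical rendering of `where(field === value.const)`: the escaped
    value is spliced into the SQL text as a quoted literal."""
    return "SELECT * FROM MyTable WHERE field = '" + escaper(value) + "'"


def split_first_literal(sql: str, backslash_escapes: bool = True):
    """Scan the first single-quoted literal in `sql`.

    Rules modelled (simplified MySQL): `''` inside a literal is one quote;
    with backslash_escapes on, `\\x` yields the character x (enough for the
    quote and backslash cases that matter here; \\n-style sequences are not
    translated). Returns (decoded_literal, text_after_closing_quote).
    """
    start = sql.index("'")
    i = start + 1
    out = []
    while i < len(sql):
        c = sql[i]
        if backslash_escapes and c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])
            i += 2
        elif c == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")
                i += 2
            else:
                return "".join(out), sql[i + 1:]
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")


def injected(escaper, value: str, backslash_escapes: bool = True) -> bool:
    """True if anything other than whitespace survives outside the literal,
    i.e. the value broke out of the quotes and became SQL."""
    _, rest = split_first_literal(build_query(escaper, value), backslash_escapes)
    return rest.strip() != ""


if __name__ == "__main__":
    for name, esc in (("quote only", escape_quote_only),
                      ("quote + backslash", escape_quote_and_backslash)):
        q = build_query(esc, PAYLOAD)
        lit, rest = split_first_literal(q)
        print(f"{name:18} SQL: {q}")
        print(f"{'':18} literal={lit!r} leaked={rest!r}")
```

With backslash escapes on, the quote-only escaper turns the payload into `'\''; DROP TABLE students; -- '`: the attacker's `\` consumes the first of the doubled quotes, the second one closes the literal, and the rest runs as SQL. Doubling the backslash as well keeps the whole value inside one literal that decodes back to exactly the original string. With backslash escapes off, the picture inverts: the quote-only escaper is sufficient and the backslash-doubling one stores a value with two backslashes, which is why an escaper has to know which dialect it is emitting for.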

DavidGregory084 commented 7 years ago

Yes, it's a bit of an escape hatch. I've been thinking about writing a Scalafix linting rule that checks that the receiver of `.constant` is a compile-time constant.