search

seancorfield / next-jdbc

A modern low-level Clojure wrapper for JDBC-based access to databases.
https://cljdoc.org/d/com.github.seancorfield/next.jdbc/
Eclipse Public License 1.0
750 stars 89 forks source link

Column is not quote escaped. #232

Closed changsu-farmmorning closed 1 year ago

changsu-farmmorning commented 1 year ago

Describe the bug In for-insert-multi function, the column is not quote escaped. https://github.com/seancorfield/next-jdbc/blob/develop/src/next/jdbc/sql/builder.clj#L155

Other function, for example for-insert, table name and column name are both covered by safe-name function.

To Reproduce Steps to reproduce the behavior (preferably code -- or link to a GitHub repo containing a small, self-contained repro example):

if you call this function, you will see sql error because "order" and "usage" are reserved word in mysql query. (insert-multi! your-datasource your-table [:order :usage] (->> [[1 "u1"] [2 "u3"]] (map seq)))

Expected behavior A clear and concise description of what you expected to happen. I think the column name will be quote escape.

As-is params (str/join ", " (map (comp column-fn name) cols)) To-be (two choice) params (str/join ", " (map (comp column-fn safe-name name) cols)) params (str/join ", " (map (comp safe-name column-fn name) cols))

스크린샷 2022-11-04 오전 10 24 57 스크린샷 2022-11-04 오전 10 25 10 스크린샷 2022-11-04 오전 10 25 33

Thank you!

seancorfield commented 1 year ago

Thank you -- good catch!