Other function, for example for-insert, table name and column name are both covered by safe-name function.
To Reproduce
Steps to reproduce the behavior (preferably code -- or link to a GitHub repo containing a small, self-contained repro example):
if you call this function, you will see sql error because "order" and "usage" are reserved word in mysql query.
(insert-multi! your-datasource your-table [:order :usage] (->> [[1 "u1"] [2 "u3"]] (map seq)))
Expected behavior
A clear and concise description of what you expected to happen.
I think the column name will be quote escape.
Describe the bug In
for-insert-multi
function, the column is not quote escaped. https://github.com/seancorfield/next-jdbc/blob/develop/src/next/jdbc/sql/builder.clj#L155Other function, for example
for-insert
, table name and column name are both covered by safe-name function.To Reproduce Steps to reproduce the behavior (preferably code -- or link to a GitHub repo containing a small, self-contained repro example):
if you call this function, you will see sql error because "order" and "usage" are reserved word in mysql query. (insert-multi! your-datasource your-table [:order :usage] (->> [[1 "u1"] [2 "u3"]] (map seq)))
Expected behavior A clear and concise description of what you expected to happen. I think the column name will be quote escape.
As-is
params (str/join ", " (map (comp column-fn name) cols))
To-be (two choice)params (str/join ", " (map (comp column-fn safe-name name) cols))
params (str/join ", " (map (comp safe-name column-fn name) cols))
Thank you!