Documentation
¶
Overview ¶
Package sqlquote provides the single, shared SQL identifier-quoting and string-literal-escaping helpers used when index plugins (CAGRA / IVF-PQ / HNSW / IVF-FLAT / fulltext) and the cuVS CDC/idxcron helpers assemble SQL by string interpolation. Routing every such site through here prevents broken or injectable SQL when an identifier contains a backtick (e.g. a column named `a`b`) or a string literal (e.g. a JSON params blob) contains a single quote.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func EscapeString ¶
EscapeString escapes s for embedding inside a single-quoted SQL string literal. It escapes BOTH backslash and single quote, because MatrixOne's MySQL scanner treats backslash as an escape introducer inside single-quoted literals (handleEscape in pkg/sql/parsers/dialect/mysql/scanner.go interprets \n, \t, \0, \\, \', ... and a trailing backslash even swallows the closing quote). So doubling single quotes alone is NOT enough: a literal backslash would corrupt the value (e.g. 'C:\Program' reads back as 'C:Program') or break the literal. Each backslash is doubled and each single quote is doubled. The caller supplies the surrounding quotes, e.g.
fmt.Sprintf("... '%s' ...", sqlquote.EscapeString(jsonParams))
This is the escape needed for JSON params / config blobs and any value that may contain single quotes or backslashes inside string values.
func Ident ¶
Ident quotes an SQL identifier (database / table / column / alias) with backticks, doubling any embedded backtick so the identifier is preserved verbatim. e.g. Ident("a`b") == "`a“b`".
Use it everywhere an identifier is interpolated, instead of hand-writing "`" + name + "`" (which breaks the moment name contains a backtick).
func QualifiedIdent ¶
QualifiedIdent quotes each non-empty part and joins them with ".", producing e.g. "`db`.`tbl`" or "`src`.`col`". Empty parts are skipped.
Types ¶
This section is empty.