25 lines
1,003 B
Rust
25 lines
1,003 B
Rust
/// Given a raw identifier (such as a table name, column name, etc.), format it
|
|
/// so that it may be safely interpolated into a SQL query.
|
|
pub fn escape_identifier(identifier: &str) -> String {
|
|
// Escaping identifiers for Postgres is fairly easy, provided that the input is
|
|
// already known to contain no invalid multi-byte sequences. Backslashes may
|
|
// remain as-is, and embedded double quotes are escaped simply by doubling
|
|
// them (`"` becomes `""`). Refer to the PQescapeInternal() function in
|
|
// libpq (fe-exec.c) and Diesel's PgQueryBuilder::push_identifier().
|
|
format!("\"{}\"", identifier.replace('"', "\"\""))
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
|
|
#[test]
|
|
fn test_escape_identifier() {
|
|
assert_eq!(escape_identifier("hello"), r#""hello""#);
|
|
assert_eq!(escape_identifier("hello world"), r#""hello world""#);
|
|
assert_eq!(
|
|
escape_identifier(r#""hello" "world""#),
|
|
r#""""hello"" ""world""""#
|
|
);
|
|
}
|
|
}
|