Escape ' in SQL query
MaXal committed Sep 16, 2024
1 parent 513bc6b commit d76f10e
Showing 1 changed file with 12 additions and 1 deletion.
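--- a/pkg/server/meta/accident.go
+++ b/pkg/server/meta/accident.go
@@ -266,7 +266,18 @@ func CreateGetAccidentByIdHandler(metaDb *pgxpool.Pool) http.HandlerFunc {
 func stringArrayToSQL(input []string) string {
 var str strings.Builder
 str.WriteRune('\'')
-str.WriteString(strings.Join(input, "','"))
+
+for i, s := range input {
+// Escape any single quotes in the string
+escapedStr := strings.ReplaceAll(s, "'", "''")
+str.WriteString(escapedStr)
+
+// Add a separator if it's not the last element
+if i < len(input)-1 {
+str.WriteString("','")
+}
+}
+
 str.WriteRune('\'')
 return str.String()
 }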
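Review bot: Doubling `'` in stringArrayToSQL still leaves the query built by string concatenation, so its safety depends on every caller placing the result in a quoted-literal position and on the server treating backslashes literally (`standard_conforming_strings = on`); neither is visible in this hunk. Since the handlers already receive a `*pgxpool.Pool`, binding the slice as a parameter would remove the need for escaping, e.g. `rows, err := metaDb.Query(ctx, "... WHERE <column> = ANY($1)", input)`, where `<column>` stands for the real column name. If the helper has to stay, give it a doc comment such as `// stringArrayToSQL renders input as a comma-separated list of single-quoted SQL string literals; use only inside IN (...) and only with standard_conforming_strings on.` An empty slice still yields `''`, which is a list holding one empty string rather than an empty list, and callers should be checked for that case.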