From: Dagfinn Ilmari Mannsåker <ilmari@ilmari.org>
Date: Wed, 9 Sep 2015 11:52:29 +0000 (+0100)
Subject: Fix string quoting in PostGIS statements
X-Git-Tag: v0.11022~12
X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=commitdiff_plain;h=724347d1013c92754133af9544b30c389ec61788;p=dbsrgits%2FSQL-Translator.git

Fix string quoting in PostGIS statements
---

diff --git a/Changes b/Changes
index 08bae1b..95b422f 100644
--- a/Changes
+++ b/Changes
@@ -17,6 +17,7 @@ Changes for SQL::Translator
  * Fix multi-line comments in YAML, JSON and PostgreSQL producers
  * Fix identifier quoting in PostgreSQL diff producer
  * Fix missing semicolons between PostGIS statements
+ * Fix string quoting in PostGIS statements
 
 0.11021 2015-01-29
 
diff --git a/lib/SQL/Translator/Producer/PostgreSQL.pm b/lib/SQL/Translator/Producer/PostgreSQL.pm
index 83b7111..89b9c1b 100644
--- a/lib/SQL/Translator/Producer/PostgreSQL.pm
+++ b/lib/SQL/Translator/Producer/PostgreSQL.pm
@@ -854,25 +854,29 @@ sub add_geometry_column {
     my ($field, $options) = @_;
 
     return sprintf(
-        "INSERT INTO geometry_columns VALUES ('%s','%s','%s','%s','%s','%s','%s')",
-        '',
-        $field->table->schema->name,
-        $options->{table} ? $options->{table} : $field->table->name,
-        $field->name,
-        $field->extra->{dimensions},
-        $field->extra->{srid},
-        $field->extra->{geometry_type},
+        "INSERT INTO geometry_columns VALUES (%s,%s,%s,%s,%s,%s,%s)",
+        map(__PACKAGE__->_quote_string($_),
+            '',
+            $field->table->schema->name,
+            $options->{table} ? $options->{table} : $field->table->name,
+            $field->name,
+            $field->extra->{dimensions},
+            $field->extra->{srid},
+            $field->extra->{geometry_type},
+        ),
     );
 }
 
 sub drop_geometry_column {
-    my $field = shift;
+    my ($field) = @_;
 
     return sprintf(
-        "DELETE FROM geometry_columns WHERE f_table_schema = '%s' AND f_table_name = '%s' AND f_geometry_column = '%s'",
-        $field->table->schema->name,
-        $field->table->name,
-        $field->name,
+        "DELETE FROM geometry_columns WHERE f_table_schema = %s AND f_table_name = %s AND f_geometry_column = %s",
+        map(__PACKAGE__->_quote_string($_),
+            $field->table->schema->name,
+            $field->table->name,
+            $field->name,
+        ),
     );
 }