FilterToSQL#escapeName does not escape escape character

Description

SQL identifiers (column names, table names, schema names) are usually quoted using double quotes. Furthermore, identifiers can contain double quotes themselves. These are usually escaped using two double quotes, e.g. a"b is quoted as "a""b".

Identifiers with double quotes are not properly escaped by FilterToSQL#escapeName, e.g. a"b would become "a"b" resulting in an invalid SQL statement.

Additionally, there are dozens of locations in the JDBC-plugins themselves where the identifier quoting is done manually with patterns like

String sql = "ALTER TABLE \"" + schemaName + "\".\"" + tableName + "\""...

To properly support identifiers with quotes, the FilterToSQL#escapeName function should be adapted and the manual quoting in the JDBC-plugins needs to be fixed.

Environment

None

Status

Assignee

Stefan Uhrig

Reporter

Stefan Uhrig

Triage

None

Components

Priority

Medium
Configure