postgres: improve robustness of database name handling in schema collection (DataDog#23389)

* Improve robustness of database name handling in schema collection

Switch `_get_databases` to use `%s` parameterized placeholders passed
to `cursor.execute` instead of formatting values directly into the query
string. This applies to the autodiscovery IN clause as well as the
exclude/include regex filters, ensuring database names and filter
patterns are always properly handled regardless of their content.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add changelog entry for query parameterization fix

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Escape percent literal in DATABASE_INFORMATION_QUERY for parameterized execution

psycopg treats % as a placeholder prefix whenever params are passed to
cursor.execute. The LIKE wildcard in the base query must be %% so it
renders as a literal % after substitution.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Simplify _get_databases query construction

Build query and params before acquiring the connection, flatten
autodiscovery nesting, and use list multiplication for placeholder
generation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: jasonmp85

postgres/changelog.d/23389.fixed

@@ -0,0 +1 @@
+Fix database name handling in schema collection query construction.

postgres/datadog_checks/postgres/schemas.py

@@ -162,7 +162,7 @@ class PostgresDatabaseObject(DatabaseObject):
 FROM   pg_catalog.pg_database db
        JOIN pg_roles a
          ON datdba = a.oid
-        WHERE datname NOT LIKE 'template%'
+        WHERE datname NOT LIKE 'template%%'
 """
 
 
@@ -201,23 +201,28 @@ def kind(self):
         return "pg_databases"
 
     def _get_databases(self):
+        query = DATABASE_INFORMATION_QUERY
+        params: list[str] = []
+
+        for exclude_regex in self._config.exclude_databases:
+            query += " AND datname !~ %s"
+            params.append(exclude_regex)
+
+        if self._config.include_databases:
+            or_clause = " OR ".join(["datname ~ %s"] * len(self._config.include_databases))
+            query += f" AND ({or_clause})"
+            params.extend(self._config.include_databases)
+
+        # Autodiscovery trumps exclude and include
+        autodiscovery_databases = self._check.autodiscovery.get_items() if self._check.autodiscovery else []
+        if autodiscovery_databases:
+            in_clause = ", ".join(["%s"] * len(autodiscovery_databases))
+            query += f" AND datname IN ({in_clause})"
+            params.extend(autodiscovery_databases)
+
         with self._check._get_main_db() as conn:
             with conn.cursor(row_factory=dict_row) as cursor:
-                query = DATABASE_INFORMATION_QUERY
-                for exclude_regex in self._config.exclude_databases:
-                    query += " AND datname !~ '{}'".format(exclude_regex)
-                if self._config.include_databases:
-                    query += f" AND ({
-                        ' OR '.join(f"datname ~ '{include_regex}'" for include_regex in self._config.include_databases)
-                    })"
-
-                # Autodiscovery trumps exclude and include
-                if self._check.autodiscovery:
-                    autodiscovery_databases = self._check.autodiscovery.get_items()
-                    if autodiscovery_databases:
-                        query += " AND datname IN ({})".format(", ".join(f"'{db}'" for db in autodiscovery_databases))
-
-                cursor.execute(query)
+                cursor.execute(query, params)
                 return [dict(row) for row in cursor.fetchall()]
 
     @contextlib.contextmanager