Use SQLTemplates.quoteIdentifier for native SQL identifiers

Apply dialect-specific identifier quoting to table and column names in
JpaInsertNativeHelper, consistent with NativeSQLSerializer. This avoids
issues when identifiers contain SQL reserved words, spaces, or
dialect-specific characters.

- buildNativeInsertSQL now accepts SQLTemplates parameter
- Schema-qualified table names quote schema and table parts separately
- JPAInsertClause and HibernateInsertClause pass SQLTemplates.DEFAULT
- Deprecate the overload without SQLTemplates
- Add test covering always-quote templates

Author: ziolee

querydsl-libraries/querydsl-jpa/src/main/java/com/querydsl/jpa/JpaInsertNativeHelper.java

@@ -18,6 +18,7 @@
 import com.querydsl.core.types.ParamNotSetException;
 import com.querydsl.core.types.Path;
 import com.querydsl.core.types.dsl.Param;
+import com.querydsl.sql.SQLTemplates;
 import jakarta.persistence.Column;
 import jakarta.persistence.Table;
 import java.sql.PreparedStatement;
@@ -41,10 +42,10 @@ public final class JpaInsertNativeHelper {
   private JpaInsertNativeHelper() {}
 
   /**
-   * Resolve the SQL table name for an entity class.
+   * Resolve the SQL table name for an entity class (unquoted).
    *
    * @param entityClass the JPA entity class
-   * @return the SQL table name
+   * @return the raw SQL table name (schema.table if schema is set)
    */
   public static String resolveTableName(Class<?> entityClass) {
     if (entityClass.isAnnotationPresent(Table.class)) {
@@ -62,11 +63,11 @@ public static String resolveTableName(Class<?> entityClass) {
   }
 
   /**
-   * Resolve the SQL column name for a path. Reads {@code @Column} annotation if present, otherwise
-   * falls back to the path metadata name.
+   * Resolve the SQL column name for a path (unquoted). Reads {@code @Column} annotation if present,
+   * otherwise falls back to the path metadata name.
    *
    * @param path the query path
-   * @return the SQL column name
+   * @return the raw SQL column name
    */
   public static String resolveColumnName(Path<?> path) {
     if (path.getAnnotatedElement() != null
@@ -80,23 +81,45 @@ public static String resolveColumnName(Path<?> path) {
   }
 
   /**
-   * Build a native SQL INSERT statement from entity metadata and column paths.
+   * Quote a table name using the given {@link SQLTemplates}. Handles schema-qualified names by
+   * quoting schema and table parts separately.
    *
+   * @param templates the SQL templates providing dialect-specific quoting rules
+   * @param tableName the raw table name (may be schema-qualified as "schema.table")
+   * @return the properly quoted table name
+   */
+  private static String quoteTableName(SQLTemplates templates, String tableName) {
+    var dotIndex = tableName.indexOf('.');
+    if (dotIndex > 0) {
+      var schema = tableName.substring(0, dotIndex);
+      var table = tableName.substring(dotIndex + 1);
+      return templates.quoteIdentifier(schema) + "." + templates.quoteIdentifier(table, true);
+    }
+    return templates.quoteIdentifier(tableName);
+  }
+
+  /**
+   * Build a native SQL INSERT statement from entity metadata and column paths, with identifiers
+   * properly quoted using the given {@link SQLTemplates}.
+   *
+   * @param templates the SQL templates providing dialect-specific quoting rules
    * @param entityClass the entity class (for table name resolution)
    * @param columns the columns to insert
    * @return the native SQL INSERT string with positional parameters
    */
-  public static String buildNativeInsertSQL(Class<?> entityClass, Collection<Path<?>> columns) {
-    var tableName = resolveTableName(entityClass);
+  public static String buildNativeInsertSQL(
+      SQLTemplates templates, Class<?> entityClass, Collection<Path<?>> columns) {
     var sb = new StringBuilder();
-    sb.append("INSERT INTO ").append(tableName).append(" (");
+    sb.append("INSERT INTO ")
+        .append(quoteTableName(templates, resolveTableName(entityClass)))
+        .append(" (");
 
     var first = true;
     for (Path<?> col : columns) {
       if (!first) {
         sb.append(", ");
       }
-      sb.append(resolveColumnName(col));
+      sb.append(templates.quoteIdentifier(resolveColumnName(col)));
       first = false;
     }
 
@@ -114,6 +137,20 @@ public static String buildNativeInsertSQL(Class<?> entityClass, Collection<Path<
     return sb.toString();
   }
 
+  /**
+   * Build a native SQL INSERT statement using {@link SQLTemplates#DEFAULT} for identifier quoting.
+   *
+   * @param entityClass the entity class (for table name resolution)
+   * @param columns the columns to insert
+   * @return the native SQL INSERT string with positional parameters
+   * @deprecated prefer {@link #buildNativeInsertSQL(SQLTemplates, Class, Collection)} with explicit
+   *     templates so dialect-specific quoting is applied
+   */
+  @Deprecated
+  public static String buildNativeInsertSQL(Class<?> entityClass, Collection<Path<?>> columns) {
+    return buildNativeInsertSQL(SQLTemplates.DEFAULT, entityClass, columns);
+  }
+
   /**
    * Resolve constant values from the serializer, unwrapping {@link Param} expressions.
    *

querydsl-libraries/querydsl-jpa/src/main/java/com/querydsl/jpa/hibernate/HibernateInsertClause.java

@@ -27,6 +27,7 @@
 import com.querydsl.jpa.JPQLSerializer;
 import com.querydsl.jpa.JPQLTemplates;
 import com.querydsl.jpa.JpaInsertNativeHelper;
+import com.querydsl.sql.SQLTemplates;
 import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -153,7 +154,9 @@ public <T> T executeWithKey(Class<T> type) {
         JpaInsertNativeHelper.resolveConstants(
             serializer.getConstants(), queryMixin.getMetadata().getParams());
 
-    var sql = JpaInsertNativeHelper.buildNativeInsertSQL(entityClass, effectiveColumns);
+    var sql =
+        JpaInsertNativeHelper.buildNativeInsertSQL(
+            SQLTemplates.DEFAULT, entityClass, effectiveColumns);
 
     return session.doReturningWork(
         connection -> {

querydsl-libraries/querydsl-jpa/src/main/java/com/querydsl/jpa/impl/JPAInsertClause.java

@@ -26,6 +26,7 @@
 import com.querydsl.jpa.JPQLSerializer;
 import com.querydsl.jpa.JPQLTemplates;
 import com.querydsl.jpa.JpaInsertNativeHelper;
+import com.querydsl.sql.SQLTemplates;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.LockModeType;
 import java.util.ArrayList;
@@ -139,7 +140,9 @@ public <T> T executeWithKey(Class<T> type) {
         JpaInsertNativeHelper.resolveConstants(
             serializer.getConstants(), queryMixin.getMetadata().getParams());
 
-    var sql = JpaInsertNativeHelper.buildNativeInsertSQL(entityClass, effectiveColumns);
+    var sql =
+        JpaInsertNativeHelper.buildNativeInsertSQL(
+            SQLTemplates.DEFAULT, entityClass, effectiveColumns);
 
     try {
       return entityManager

querydsl-libraries/querydsl-jpa/src/test/java/com/querydsl/jpa/JpaInsertNativeHelperTest.java

@@ -21,6 +21,7 @@
 import com.querydsl.jpa.domain.QAuthor;
 import com.querydsl.jpa.domain.QGeneratedKeyEntity;
 import com.querydsl.jpa.domain.QNumeric;
+import com.querydsl.sql.SQLTemplates;
 import java.util.List;
 import org.junit.Test;
 
@@ -64,16 +65,33 @@ public void resolveColumnName_without_column_annotation() {
   public void buildNativeInsertSQL() {
     var entity = QGeneratedKeyEntity.generatedKeyEntity;
     var sql =
-        JpaInsertNativeHelper.buildNativeInsertSQL(GeneratedKeyEntity.class, List.of(entity.name));
+        JpaInsertNativeHelper.buildNativeInsertSQL(
+            SQLTemplates.DEFAULT, GeneratedKeyEntity.class, List.of(entity.name));
 
+    // SQLTemplates.DEFAULT uses double quotes only when required (reserved words or special chars)
     assertThat(sql).isEqualTo("INSERT INTO generated_key_entity (name_) VALUES (?)");
   }
 
   @Test
   public void buildNativeInsertSQL_multiple_columns() {
     var numeric = QNumeric.numeric;
-    var sql = JpaInsertNativeHelper.buildNativeInsertSQL(Numeric.class, List.of(numeric.value));
+    var sql =
+        JpaInsertNativeHelper.buildNativeInsertSQL(
+            SQLTemplates.DEFAULT, Numeric.class, List.of(numeric.value));
 
     assertThat(sql).isEqualTo("INSERT INTO numeric_ (value_) VALUES (?)");
   }
+
+  @Test
+  public void buildNativeInsertSQL_quotes_reserved_words() {
+    // Custom SQLTemplates with useQuotes=true always quotes identifiers
+    var alwaysQuote = new SQLTemplates("\"", '\\', true) {};
+
+    var entity = QGeneratedKeyEntity.generatedKeyEntity;
+    var sql =
+        JpaInsertNativeHelper.buildNativeInsertSQL(
+            alwaysQuote, GeneratedKeyEntity.class, List.of(entity.name));
+
+    assertThat(sql).isEqualTo("INSERT INTO \"generated_key_entity\" (\"name_\") VALUES (?)");
+  }
 }