fix: address PR review - backslash escaping, access control, PK guard, translations

Author: datlechin

TablePro/Core/Utilities/SQL/SQLRowToStatementConverter.swift

@@ -4,15 +4,15 @@
 
 import Foundation
 
-struct SQLRowToStatementConverter {
-    let tableName: String
-    let columns: [String]
-    let primaryKeyColumn: String?
-    let databaseType: DatabaseType
+internal struct SQLRowToStatementConverter {
+    internal let tableName: String
+    internal let columns: [String]
+    internal let primaryKeyColumn: String?
+    internal let databaseType: DatabaseType
 
     private static let maxRows = 50_000
 
-    func generateInserts(rows: [[String?]]) -> String {
+    internal func generateInserts(rows: [[String?]]) -> String {
         let capped = rows.prefix(Self.maxRows)
         let quotedTable = quoteColumn(tableName)
         let quotedColumns = columns.map { quoteColumn($0) }.joined(separator: ", ")
@@ -23,7 +23,7 @@ struct SQLRowToStatementConverter {
         }.joined(separator: "\n")
     }
 
-    func generateUpdates(rows: [[String?]]) -> String {
+    internal func generateUpdates(rows: [[String?]]) -> String {
         let capped = rows.prefix(Self.maxRows)
 
         return capped.map { row in
@@ -39,9 +39,10 @@ struct SQLRowToStatementConverter {
         let setClause: String
         let whereClause: String
 
-        if let pkColumn = primaryKeyColumn {
-            let pkIndex = columns.firstIndex(of: pkColumn)
-            let pkValue = pkIndex.map { row.indices.contains($0) ? row[$0] : nil } ?? nil
+        if let pkColumn = primaryKeyColumn,
+           let pkIndex = columns.firstIndex(of: pkColumn),
+           row.indices.contains(pkIndex) {
+            let pkValue = row[pkIndex]
 
             let setClauses = columns.enumerated().compactMap { index, col -> String? in
                 guard col != pkColumn else { return nil }
@@ -83,7 +84,11 @@ struct SQLRowToStatementConverter {
         guard let value else {
             return "NULL"
         }
-        return "'\(value.replacingOccurrences(of: "'", with: "''"))'"
+        var escaped = value.replacingOccurrences(of: "'", with: "''")
+        if databaseType == .mysql || databaseType == .mariadb {
+            escaped = escaped.replacingOccurrences(of: "\\", with: "\\\\")
+        }
+        return "'\(escaped)'"
     }
 
     private func quoteColumn(_ name: String) -> String {

TablePro/Resources/Localizable.xcstrings

@@ -4066,7 +4066,20 @@
       }
     },
     "Copy as" : {
-
+      "localizations" : {
+        "vi" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Sao chép dạng"
+          }
+        },
+        "zh-Hans" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "复制为"
+          }
+        }
+      }
     },
     "Copy as URL" : {
       "localizations" : {
@@ -8455,7 +8468,20 @@
       }
     },
     "INSERT Statement(s)" : {
-
+      "localizations" : {
+        "vi" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Câu lệnh INSERT"
+          }
+        },
+        "zh-Hans" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "INSERT 语句"
+          }
+        }
+      }
     },
     "Inspector" : {
       "localizations" : {
@@ -16644,7 +16670,20 @@
       }
     },
     "UPDATE Statement(s)" : {
-
+      "localizations" : {
+        "vi" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "Câu lệnh UPDATE"
+          }
+        },
+        "zh-Hans" : {
+          "stringUnit" : {
+            "state" : "translated",
+            "value" : "UPDATE 语句"
+          }
+        }
+      }
     },
     "Updated" : {
       "localizations" : {

TableProTests/Core/Utilities/SQLRowToStatementConverterTests.swift

@@ -138,6 +138,31 @@ struct SQLRowToStatementConverterTests {
         #expect(update == "UPDATE \"users\" SET \"name\" = 'Alice', \"email\" = 'alice@example.com' WHERE \"id\" = '1';")
     }
 
+    @Test("MySQL escapes backslashes in values")
+    func mysqlBackslashEscaping() {
+        let converter = makeConverter(databaseType: .mysql)
+        let result = converter.generateInserts(rows: [["1", "C:\\Users\\test", "a@b.com"]])
+        #expect(result == "INSERT INTO `users` (`id`, `name`, `email`) VALUES ('1', 'C:\\\\Users\\\\test', 'a@b.com');")
+    }
+
+    @Test("PostgreSQL does not escape backslashes")
+    func postgresqlNoBackslashEscaping() {
+        let converter = makeConverter(databaseType: .postgresql)
+        let result = converter.generateInserts(rows: [["1", "C:\\Users\\test", "a@b.com"]])
+        #expect(result == "INSERT INTO \"users\" (\"id\", \"name\", \"email\") VALUES ('1', 'C:\\Users\\test', 'a@b.com');")
+    }
+
+    @Test("UPDATE falls back to all-column WHERE when PK not in columns")
+    func updatePkNotInColumnsFallsBack() {
+        let converter = makeConverter(
+            columns: ["name", "email"],
+            primaryKeyColumn: "id",
+            databaseType: .mysql
+        )
+        let result = converter.generateUpdates(rows: [["Alice", "alice@example.com"]])
+        #expect(result == "UPDATE `users` SET `name` = 'Alice', `email` = 'alice@example.com' WHERE `name` = 'Alice' AND `email` = 'alice@example.com';")
+    }
+
     // MARK: - Edge Cases
 
     @Test("Empty rows input returns empty string")