@@ -225,34 +225,36 @@ def run_command(command, error: nil)
225225 end
226226
227227 def add_column ( table , column )
228- $conn. exec ( "ALTER TABLE \" #{ table } \" ADD COLUMN \" #{ column } \" timestamp" )
228+ $conn. exec ( "ALTER TABLE #{ quote_ident ( table ) } #{ quote_ident ( column ) } )
229229 end
230230
231231 def assert_column ( table , column )
232- assert_includes $conn. exec ( "SELECT * FROM \" #{ table } \" LIMIT 0" ) . fields , column
232+ assert_includes $conn. exec ( "SELECT * FROM #{ quote_ident ( table ) } ) . fields , column
233233 end
234234
235235 def table_exists? ( table_name )
236- result = $conn . exec <<~SQL
236+ sql = <<~SQL
237237 SELECT * FROM information_schema.tables
238- WHERE table_schema = 'public' AND table_name = ' #{ table_name } '
238+ WHERE table_schema = 'public' AND table_name = $1
239239 SQL
240+ result = $conn. exec_params ( sql , [ table_name ] )
240241 result . any?
241242 end
242243
243244 def count ( table_name , only : false )
244245 result = $conn. exec <<~SQL
245- SELECT COUNT(*) FROM #{ only ? "ONLY " : "" } " #{ table_name } "
246+ SELECT COUNT(*) FROM #{ only ? "ONLY " : "" } #{ quote_ident ( table_name ) }
246247 SQL
247248 result . first [ "count" ] . to_i
248249 end
249250
250251 def primary_key ( table_name )
251- result = $conn . exec <<~SQL
252+ sql = <<~SQL
252253 SELECT pg_get_constraintdef(oid) AS def
253254 FROM pg_constraint
254- WHERE contype = 'p' AND conrelid = '" #{ table_name } "' ::regclass
255+ WHERE contype = 'p' AND conrelid = $1 ::regclass
255256 SQL
257+ result = $conn. exec_params ( sql , [ quote_ident ( table_name ) ] )
256258 result . first
257259 end
258260
@@ -266,11 +268,12 @@ def refute_primary_key(table_name)
266268 end
267269
268270 def index ( table_name )
269- result = $conn . exec <<~SQL
271+ sql = <<~SQL
270272 SELECT pg_get_indexdef(indexrelid)
271273 FROM pg_index
272- WHERE indrelid = '" #{ table_name } "' ::regclass AND indisprimary = 'f'
274+ WHERE indrelid = $1 ::regclass AND indisprimary = 'f'
273275 SQL
276+ result = $conn. exec_params ( sql , [ quote_ident ( table_name ) ] )
274277 result . first
275278 end
276279
@@ -283,23 +286,25 @@ def refute_index(table_name)
283286 end
284287
285288 def assert_foreign_key ( table_name )
286- result = $conn . exec <<~SQL
289+ sql = <<~SQL
287290 SELECT pg_get_constraintdef(oid) AS def
288291 FROM pg_constraint
289- WHERE contype = 'f' AND conrelid = '" #{ table_name } "' ::regclass
292+ WHERE contype = 'f' AND conrelid = $1 ::regclass
290293 SQL
294+ result = $conn. exec_params ( sql , [ quote_ident ( table_name ) ] )
291295 assert !result . detect { |row | row [ "def" ] =~ /\A FOREIGN KEY \( .*\) REFERENCES "Users"\( "Id"\) \z / } . nil? , "Missing foreign key on #{ table_name }
292296 end
293297
294298 # extended statistics are built on partitioned tables
295299 # https://github.com/postgres/postgres/commit/20b9fa308ebf7d4a26ac53804fce1c30f781d60c
296300 # (backported to Postgres 10)
297301 def assert_statistics ( table_name )
298- result = $conn . exec <<~SQL
302+ sql = <<~SQL
299303 SELECT n_distinct
300304 FROM pg_stats_ext
301- WHERE tablename = ' #{ table_name } '
305+ WHERE tablename = $1
302306 SQL
307+ result = $conn. exec_params ( sql , [ table_name ] )
303308 assert result . any? , "Missing extended statistics on #{ table_name }
304309 assert_equal '{"1, 2": 10002}' , result . first [ "n_distinct" ]
305310 end
@@ -308,6 +313,10 @@ def server_version_num
308313 $conn. exec ( "SHOW server_version_num" ) . first [ "server_version_num" ] . to_i
309314 end
310315
316+ def quote_ident ( value )
317+ PG ::Connection . quote_ident ( value )
318+ end
319+
311320 def verbose?
312321 ENV [ "VERBOSE" ]
313322 end
0 commit comments