escape single quote to double quotes after formatting sql #74

Open
kbarbounakis wants to merge 1 commit into themost-framework:master from kbarbounakis:73-execution-error-when-creating-views

kbarbounakis (Collaborator) commented Feb 17, 2026

This PR closes #73 and escapes single quotes with double quotes after formatting a query expression.

Copilot AI left a comment

Pull request overview

This PR fixes issue #73 where creating MS SQL Server views with queries containing single quotes in string literals would fail with a syntax error. The fix applies proper escaping for single quotes when constructing dynamic SQL within an EXECUTE statement.

Changes:

  • Added .replace(/'/g, "''") to escape single quotes in formatted query strings before embedding them in EXECUTE() statements


Comment thread src/MSSqlAdapter.js
try {
const formatter = new MSSqlFormatter();
const sql = 'EXECUTE(\'' + sprintf('CREATE VIEW %s.%s AS ', formatter.escapeName(owner), formatter.escapeName(view)) + formatter.format(q) + '\')';
const sql = 'EXECUTE(\'' + sprintf('CREATE VIEW %s.%s AS ', formatter.escapeName(owner), formatter.escapeName(view)) + formatter.format(q).replace(/'/g, '\'\'') + '\')';
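Review bot: On the new line the .replace(/'/g, '\'\'') call covers only formatter.format(q), so the 'CREATE VIEW %s.%s AS ' prefix built from formatter.escapeName(owner) and formatter.escapeName(view) still enters the EXECUTE('...') literal without quote doubling. If an escaped name can ever contain a single quote, the literal closes early in the same way it did for quoted strings in the query; build the complete CREATE VIEW statement first and apply the replace to all of it before wrapping it in EXECUTE. A test that creates a view from a query containing a quoted string literal would also keep this from regressing.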

Copilot AI Feb 17, 2026

Consider adding a test case to verify that view creation works correctly with queries containing string literals with single quotes. For example, a query with a WHERE clause like WHERE name = 'O''Brien' or similar quoted strings to ensure the escaping logic works as expected.

Suggested change
const sql = 'EXECUTE(\'' + sprintf('CREATE VIEW %s.%s AS ', formatter.escapeName(owner), formatter.escapeName(view)) + formatter.format(q).replace(/'/g, '\'\'') + '\')';
const createViewSql = sprintf('CREATE VIEW %s.%s AS ', formatter.escapeName(owner), formatter.escapeName(view)) + formatter.format(q);
const escapedCreateViewSql = createViewSql.replace(/'/g, '\'\'');
const sql = 'EXECUTE(\'' + escapedCreateViewSql + '\')';

Copilot uses AI. Check for mistakes.
Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.



Labels

enhancement New feature or request

Development

Successfully merging this pull request may close these issues.

Execution error when creating views with queries containing quoted strings
