Skip to content

Commit e05fdd4

Browse files
committed
Extract _escape_single_quotes() helper for the string-literal escaping
1 parent 9bf6b06 commit e05fdd4

1 file changed

Lines changed: 6 additions & 5 deletions

File tree

Lib/sqlite3/dump.py

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,12 @@ def _quote_name(name):
1111
return '"{0}"'.format(name.replace('"', '""'))
1212

1313

14+
def _escape_single_quotes(value):
15+
return value.replace("'", "''")
16+
17+
1418
def _quote_value(value):
15-
return "'{0}'".format(value.replace("'", "''"))
19+
return "'{0}'".format(_escape_single_quotes(value))
1620

1721

1822
def _iterdump(connection, *, filter=None):
@@ -80,11 +84,8 @@ def _iterdump(connection, *, filter=None):
8084
table_name_ident = _quote_name(table_name)
8185
res = cu.execute(f'PRAGMA table_info({table_name_ident})')
8286
column_names = [str(table_info[1]) for table_info in res.fetchall()]
83-
# In the string-literal copy any single quote must be doubled;
84-
# the FROM clause below uses the identifier form as-is.
85-
table_name_literal = table_name_ident.replace("'", "''")
8687
q = "SELECT 'INSERT INTO {0} VALUES('{1}')' FROM {2};".format(
87-
table_name_literal,
88+
_escape_single_quotes(table_name_ident),
8889
"','".join(
8990
"||quote({0})||".format(_quote_name(col)) for col in column_names
9091
),

0 commit comments

Comments
 (0)