From d468e2f524022b1b1e5fe0e1d58a4efcc6583545 Mon Sep 17 00:00:00 2001
From: Keuin <keuinx@gmail.com>
Date: Sun, 22 Oct 2023 23:21:00 +0800
Subject: bugfix: SQL syntax error in some environment

---
 src/main/java/com/keuin/blame/lookup/QueryExecutor.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/main')

diff --git a/src/main/java/com/keuin/blame/lookup/QueryExecutor.java b/src/main/java/com/keuin/blame/lookup/QueryExecutor.java
index da25064..e11cdda 100644
--- a/src/main/java/com/keuin/blame/lookup/QueryExecutor.java
+++ b/src/main/java/com/keuin/blame/lookup/QueryExecutor.java
@@ -30,7 +30,7 @@ public class QueryExecutor {
         // ClickHouse driver's parameterized SQL generator is a piece of shit.
         // I won't use that. Use string interpolation instead.
         var sql = "select subject_id, object_id, action_type, ts";
-        sql += " from " + escape(DatabaseUtil.DB_CONFIG.getTable());
+        sql += " from " + escapeIdentifier(DatabaseUtil.DB_CONFIG.getTable());
         sql += " where subject_world=%s and object_x=%d and object_y=%d and object_z=%d".formatted(
                 escape(world), x, y, z
         );
@@ -47,6 +47,10 @@ public class QueryExecutor {
         return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'";
     }
 
+    private static String escapeIdentifier(String s) {
+        return "\"" + s.replace("\\", "\\\\").replace("\"", "\"\"") + "\"";
+    }
+
     public void byBlockPos(
             String world,
             long x, long y, long z,
-- 
cgit v1.2.3