fix: escape table name (#16)

* fix: escape table name

This way, we can avoid issues when using table names that are reserved database keywords

Author: Gustrb

sql/table.go

@@ -101,7 +101,7 @@ func DropTableQuery(name string, ifExists bool) string {
 		ext = " IF EXISTS"
 	}
 
-	return fmt.Sprintf("DROP TABLE%s %s", ext, name)
+	return fmt.Sprintf("DROP TABLE%s `%s`", ext, name)
 }
 
 func ShowTablesLikeQuery(name string) string {
@@ -111,24 +111,24 @@ func ShowTablesLikeQuery(name string) string {
 func InsertQuery(tableName string, columnNames []string) string {
 	questionMarks := repeatComma(len(columnNames), "?")
 
-	return fmt.Sprintf("INSERT INTO %s (%s) VALUES (%s)",
+	return fmt.Sprintf("INSERT INTO `%s` (%s) VALUES (%s)",
 		tableName, strings.Join(quoteColumnNames(columnNames), ","), questionMarks)
 }
 
 func ReplaceQuery(tableName string, columnNames []string) string {
 	questionMarks := repeatComma(len(columnNames), "?")
 
-	return fmt.Sprintf("REPLACE INTO %s (%s) VALUES (%s)",
+	return fmt.Sprintf("REPLACE INTO `%s` (%s) VALUES (%s)",
 		tableName, strings.Join(quoteColumnNames(columnNames), ","), questionMarks)
 }
 
 func SelectQuery(tableName string, columnNames []string) string {
-	columns := strings.Join(columnNames, ",")
-	if columns == "" {
-		columns = "*"
+	columns := "*"
+	if len(columnNames) > 0 {
+		columns = strings.Join(quoteColumnNames(columnNames), ", ")
 	}
 
-	return fmt.Sprintf("SELECT %s FROM %s", columns, tableName)
+	return fmt.Sprintf("SELECT %s FROM `%s`", columns, tableName)
 }
 
 func UpdateQuery(tableName, index string, columnNames []string) string {
@@ -140,17 +140,16 @@ func UpdateAllQuery(tableName string, columnNames []string) string {
 }
 
 func DeleteQuery(tableName, index string) string {
-	return fmt.Sprintf("DELETE FROM %s WHERE %s=?", tableName, index)
+	return fmt.Sprintf("DELETE FROM `%s` WHERE %s=?", tableName, index)
 }
 
 func quoteColumnNames(columns []string) []string {
-	quoted := []string{}
-
+	var cols []string
 	for _, c := range columns {
-		quoted = append(quoted, fmt.Sprintf("`%s`", c))
+		cols = append(cols, "`"+c+"`")
 	}
 
-	return quoted
+	return cols
 }
 
 func repeatComma(num int, char string) string {

sql/table_test.go

@@ -77,23 +77,23 @@ func TestNewTableQuery(t *testing.T) {
 }
 
 func TestDropTableQuery(t *testing.T) {
-	assert.Equal(t, sql.DropTableQuery("yolo", false), "DROP TABLE yolo")
-	assert.Equal(t, sql.DropTableQuery("yolo", true), "DROP TABLE IF EXISTS yolo")
+	assert.Equal(t, sql.DropTableQuery("yolo", false), "DROP TABLE `yolo`")
+	assert.Equal(t, sql.DropTableQuery("yolo", true), "DROP TABLE IF EXISTS `yolo`")
 }
 
 func TestSelectQuery(t *testing.T) {
-	assert.Equal(t, sql.SelectQuery("yolo", []string{"foo", "bar"}), "SELECT foo,bar FROM yolo")
-	assert.Equal(t, sql.SelectQuery("yolo", []string{}), "SELECT * FROM yolo")
+	assert.Equal(t, sql.SelectQuery("yolo", []string{"foo", "bar"}), "SELECT `foo`, `bar` FROM `yolo`")
+	assert.Equal(t, sql.SelectQuery("yolo", []string{}), "SELECT * FROM `yolo`")
 }
 
 func TestInsertQuery(t *testing.T) {
-	assert.Equal(t, sql.InsertQuery("yolo", []string{"name", "email", "age"}), "INSERT INTO yolo (`name`,`email`,`age`) VALUES (?,?,?)")
+	assert.Equal(t, sql.InsertQuery("yolo", []string{"name", "email", "age"}), "INSERT INTO `yolo` (`name`,`email`,`age`) VALUES (?,?,?)")
 }
 
 func TestUpdateQuery(t *testing.T) {
 	assert.Equal(t, sql.UpdateQuery("yolo", "id", []string{"name", "email", "age"}), "UPDATE yolo SET `name`=?, `email`=?, `age`=? WHERE id=?")
 }
 
 func TestDeleteQuery(t *testing.T) {
-	assert.Equal(t, sql.DeleteQuery("yolo", "id"), "DELETE FROM yolo WHERE id=?")
+	assert.Equal(t, sql.DeleteQuery("yolo", "id"), "DELETE FROM `yolo` WHERE id=?")
 }