Merge pull request #191 from sosedoff/order-escape-query

Add escaping to order statement

data/booktown.sql

@@ -17,6 +17,15 @@ CREATE DATABASE "booktown";
 -- Name: DATABASE "booktown" Type: COMMENT Owner: 
 --
 
+CREATE TABLE "dummies" (
+  "id" integer NOT NULL,
+  "isDummy" boolean
+);
+
+INSERT INTO "dummies" VALUES (1, true);
+INSERT INTO "dummies" VALUES (2, true);
+
+
 COMMENT ON DATABASE "booktown" IS 'The Book Town Database.';
 
 --

pkg/client/client.go

@@ -158,7 +158,7 @@ func (client *Client) TableRows(table string, opts RowsOptions) (*Result, error)
 			opts.SortOrder = "ASC"
 		}
 
-		sql += fmt.Sprintf(" ORDER BY %s %s", opts.SortColumn, opts.SortOrder)
+		sql += fmt.Sprintf(` ORDER BY "%s" %s`, opts.SortColumn, opts.SortOrder)
 	}
 
 	if opts.Limit > 0 {

pkg/client/client_test.go

@@ -180,6 +180,7 @@ func test_Objects(t *testing.T) {
 		"customers",
 		"daily_inventory",
 		"distinguished_authors",
+		"dummies",
 		"editions",
 		"employees",
 		"favorite_authors",
@@ -285,6 +286,17 @@ func test_QueryInvalidTable(t *testing.T) {
 	assert.Equal(t, true, res == nil)
 }
 
+func test_TableRowsOrderEscape(t *testing.T) {
+	rows, err := testClient.TableRows("dummies", RowsOptions{SortColumn: "isDummy"})
+	assert.Equal(t, nil, err)
+	assert.Equal(t, 2, len(rows.Rows))
+
+	rows, err = testClient.TableRows("dummies", RowsOptions{SortColumn: "isdummy"})
+	assert.NotEqual(t, nil, err)
+	assert.Equal(t, `pq: column "isdummy" does not exist`, err.Error())
+	assert.Equal(t, true, rows == nil)
+}
+
 func test_ResultCsv(t *testing.T) {
 	res, _ := testClient.Query("SELECT * FROM books ORDER BY id ASC LIMIT 1")
 	csv := res.CSV()
@@ -346,6 +358,7 @@ func TestAll(t *testing.T) {
 	test_Query(t)
 	test_QueryError(t)
 	test_QueryInvalidTable(t)
+	test_TableRowsOrderEscape(t)
 	test_ResultCsv(t)
 	test_History(t)
 	test_HistoryError(t)