Fix #4801: Escape unicode/emoji in sanitiseTableName

PostgreSQL requires escaping for non-ASCII characters in identifiers. The sanitiseTableName() function previously only checked for spaces, hyphens, and uppercase letters, but missed unicode and emoji characters. Added containsNonASCII() helper function to detect any characters with rune values > 127 (non-ASCII). Now properly escapes table names with: - Unicode characters (Chinese, Cyrillic, Arabic, etc.) - Emoji - Accented characters This prevents SQL errors and potential injection issues when using international table names in the interactive client.
2025-12-19 18:12:43 -05:00 · 2025-11-11 23:16:30 +08:00
parent 0b0a131873
commit c5c482f94a
1 changed files with 13 additions and 1 deletions
--- a/pkg/interactive/interactive_client_autocomplete.go
+++ b/pkg/interactive/interactive_client_autocomplete.go
@@ -114,10 +114,22 @@ func sanitiseTableName(strToEscape string) string {
 	for _, token := range tokens {
 		// if string contains spaces or special characters(-) or upper case characters, escape it,
 		// as Postgres by default converts to lower case
-		if strings.ContainsAny(token, " -") || utils.ContainsUpper(token) {
+		// Also escape unicode/emoji characters as PostgreSQL requires escaping for non-ASCII identifiers
+		if strings.ContainsAny(token, " -") || utils.ContainsUpper(token) || containsNonASCII(token) {
 			token = db_common.PgEscapeName(token)
 		}
 		escaped = append(escaped, token)
 	}
 	return strings.Join(escaped, ".")
 }
+
+// containsNonASCII checks if a string contains any non-ASCII characters
+// (unicode, emoji, etc.) which require PostgreSQL identifier escaping
+func containsNonASCII(s string) bool {
+	for _, r := range s {
+		if r > 127 {
+			return true
+		}
+	}
+	return false
+}