From 30b4410c47ea602ea05367b5f557f2cdeb025344 Mon Sep 17 00:00:00 2001
From: Bjar Ne <gleichdick@users.noreply.github.com>
Date: Sun, 4 Aug 2024 01:10:12 +0200
Subject: [PATCH 1/2] Add test for appendGTE and friends.

---
 test/DatabaseConnection.cpp | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/test/DatabaseConnection.cpp b/test/DatabaseConnection.cpp
index 98a78b7..51f93fd 100644
--- a/test/DatabaseConnection.cpp
+++ b/test/DatabaseConnection.cpp
@@ -30,6 +30,7 @@
 
 #include <gtest/gtest.h>
 
+#include <geometry_msgs/msg/point.hpp>
 #include <geometry_msgs/msg/pose.hpp>
 #include <geometry_msgs/msg/vector3.hpp>
 #include <warehouse_ros_sqlite/database_connection.hpp>
@@ -403,6 +404,41 @@ TEST_F(ConnectionTest, Sorting)
   }
 }
 
+TEST_F(ConnectionTest, appendGTE)
+{
+  auto coll = conn_->openCollection<geometry_msgs::msg::Point>("test_db", "test_collection");
+
+  auto metadata = coll.createMetadata();
+  metadata->append("test_metadata", 5.0);
+
+  geometry_msgs::msg::Point msg = {};
+  coll.insert(msg, metadata);
+
+  {
+    auto query = coll.createQuery();
+    query->appendGTE("unrelated", 4.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+
+  {
+    auto query = coll.createQuery();
+    query->appendGT("unrelated", 4.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+
+  {
+    auto query = coll.createQuery();
+    query->appendLTE("unrelated", 6.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+
+  {
+    auto query = coll.createQuery();
+    query->appendLT("unrelated", 6.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+}
+
 TEST(Utils, Md5Validation)
 {
   const char * a = "4a842b65f413084dc2b10fb484ea7f17";

From d7fb4b7a2910f113dc7d6930673395befa63a163 Mon Sep 17 00:00:00 2001
From: Bjar Ne <gleichdick@users.noreply.github.com>
Date: Sun, 4 Aug 2024 01:13:58 +0200
Subject: [PATCH 2/2] Use backticks to enquote SQL identifiers

Using double quotes had the disadvantage that unknown
column names were silently changed to a string literal
in WHERE statements. This can be avoided by using backticks.

Fixes #43
---
 include/warehouse_ros_sqlite/utils.hpp |  2 +-
 test/DatabaseConnection.cpp            | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/warehouse_ros_sqlite/utils.hpp b/include/warehouse_ros_sqlite/utils.hpp
index e5c1d9c..3255fb3 100644
--- a/include/warehouse_ros_sqlite/utils.hpp
+++ b/include/warehouse_ros_sqlite/utils.hpp
@@ -104,7 +104,7 @@ using escaped_columnname = std::string;
 using escaped_tablename = std::string;
 inline std::string escape_identifier(const std::string & s)
 {
-  return "\"" + detail::escape<'"'>(s) + "\"";
+  return "`" + detail::escape<'`'>(s) + "`";
 }
 inline escaped_columnname escape_columnname_with_prefix(const std::string & c)
 {
diff --git a/test/DatabaseConnection.cpp b/test/DatabaseConnection.cpp
index 51f93fd..adf2fca 100644
--- a/test/DatabaseConnection.cpp
+++ b/test/DatabaseConnection.cpp
@@ -439,6 +439,23 @@ TEST_F(ConnectionTest, appendGTE)
   }
 }
 
+TEST_F(ConnectionTest, BacktickInMeta)
+{
+  auto coll = conn_->openCollection<geometry_msgs::msg::Point>("test_db", "test_backtick");
+
+  auto metadata = coll.createMetadata();
+  metadata->append("test_`metadata", 5.0);
+
+  geometry_msgs::msg::Point msg = {};
+  coll.insert(msg, metadata);
+
+  {
+    auto query = coll.createQuery();
+    query->appendGTE("test_`metadata", 4.0);
+    EXPECT_EQ(coll.queryList(query).size(), 1);
+  }
+}
+
 TEST(Utils, Md5Validation)
 {
   const char * a = "4a842b65f413084dc2b10fb484ea7f17";