Quote values.

internal/util/error.go

@@ -23,6 +23,7 @@ const (
 	OffsetErr    = ErrorString("sqlite3: invalid offset")
 	TailErr      = ErrorString("sqlite3: multiple statements")
 	IsolationErr = ErrorString("sqlite3: unsupported isolation level")
+	ValueErr     = ErrorString("sqlite3: unsupported value")
 	NoVFSErr     = ErrorString("sqlite3: no such vfs: ")
 )
 

quote.go

@@ -0,0 +1,71 @@
+package sqlite3
+
+import (
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/ncruces/go-sqlite3/internal/util"
+)
+
+// Quote quotes a value such that it is safe to embed in SQL text.
+func Quote(value any) string {
+	switch v := value.(type) {
+	case nil:
+		return "NULL"
+	case bool:
+		if v {
+			return "TRUE"
+		} else {
+			return "FALSE"
+		}
+
+	case int:
+		return strconv.Itoa(v)
+	case int64:
+		return strconv.FormatInt(v, 10)
+	case float64:
+		return strconv.FormatFloat(v, 'g', -1, 64)
+	case ZeroBlob:
+		return "zeroblob(" + strconv.FormatInt(int64(v), 10) + ")"
+	case time.Time:
+		return "'" + v.Format(time.RFC3339Nano) + "'"
+
+	case string:
+		if strings.IndexByte(v, 0) >= 0 {
+			break
+		}
+
+		buf := make([]byte, 2+len(v)+strings.Count(v, "'"))
+
+		i := 1
+		buf[0] = '\''
+		for _, b := range []byte(v) {
+			if b == '\'' {
+				buf[i] = b
+				i += 1
+			}
+			buf[i] = b
+			i += 1
+		}
+		buf[i] = '\''
+		return string(buf)
+
+	case []byte:
+		buf := make([]byte, 3+2*len(v))
+
+		i := 2
+		buf[0] = 'x'
+		buf[1] = '\''
+		for _, b := range v {
+			const hex = "0123456789ABCDEF"
+			buf[i+0] = hex[b/16]
+			buf[i+1] = hex[b%16]
+			i += 2
+		}
+		buf[i] = '\''
+		return string(buf)
+	}
+
+	panic(util.ValueErr)
+}

sqlite3/func.c

@@ -38,4 +38,4 @@ int sqlite3_create_window_function_go(sqlite3 *db, const char *zName, int nArg,
 
 void sqlite3_set_auxdata_go(sqlite3_context *ctx, int iArg, void *pAux) {
   sqlite3_set_auxdata(ctx, iArg, pAux, go_destroy);
-}
+}

sqlite3/main.c

@@ -23,4 +23,4 @@ __attribute__((constructor)) void init() {
   sqlite3_auto_extension((void (*)(void))sqlite3_uint_init);
   sqlite3_auto_extension((void (*)(void))sqlite3_uuid_init);
   sqlite3_auto_extension((void (*)(void))sqlite3_time_init);
-}
+}

sqlite3/progress.c

@@ -6,4 +6,4 @@ int go_progress(void *);
 
 void sqlite3_progress_handler_go(sqlite3 *db, int n) {
   sqlite3_progress_handler(db, n, go_progress, /*arg=*/NULL);
-}
+}

tests/quote_test.go

@@ -0,0 +1,49 @@
+package tests
+
+import (
+	"math"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/ncruces/go-sqlite3"
+)
+
+func TestQuote(t *testing.T) {
+	tests := []struct {
+		val  any
+		want string
+	}{
+		{`abc`, "'abc'"},
+		{`a"bc`, "'a\"bc'"},
+		{`a'bc`, "'a''bc'"},
+		{"\x07bc", "'\abc'"},
+		{"\x1c\n", "'\x1c\n'"},
+		{[]byte("\xB0\x00\x0B"), "x'B0000B'"},
+		{"\xB0\x00\x0B", ""},
+
+		{0, "0"},
+		{nil, "NULL"},
+		{true, "TRUE"},
+		{false, "FALSE"},
+		{math.Pi, "3.141592653589793"},
+		{int64(math.MaxInt64), "9223372036854775807"},
+		{sqlite3.ZeroBlob(64), "zeroblob(64)"},
+		{time.Unix(0, 0).UTC(), "'1970-01-01T00:00:00Z'"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.want, func(t *testing.T) {
+			defer func() {
+				if r := recover(); r != nil && tt.want != "" {
+					t.Errorf("Quote(%q) = %v", tt.val, r)
+				}
+			}()
+
+			got := sqlite3.Quote(tt.val)
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("Quote(%v) = %q, want %q", tt.val, got, tt.want)
+			}
+		})
+	}
+}