Skip to content

Quote procname and user variables with backticks in callproc#789

Draft
Copilot wants to merge 4 commits into
mainfrom
copilot/port-callproc-quote-procname
Draft

Quote procname and user variables with backticks in callproc#789
Copilot wants to merge 4 commits into
mainfrom
copilot/port-callproc-quote-procname

Conversation

Copilot AI commented Jun 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

callproc passed the procedure name and user variable names unquoted into SQL, making it unsafe for names containing reserved words or special characters.

Changes

  • _backquote_escape(s) — new helper that doubles backticks in a bytes value to safely embed it as a backtick-quoted identifier
  • callproc — escapes procname and wraps it in backticks in both the CALL statement and the @_procname_n`` user variables used for args/OUT params
-- before
SET @_my_proc_0=...; CALL my_proc(@_my_proc_0)

-- after
SET @`_my_proc_0`=...; CALL `my_proc`(@`_my_proc_0`)

Ports PyMySQL/PyMySQL#1225.

Copilot AI linked an issue Jun 11, 2026 that may be closed by this pull request
Callproc should quote procname #788
Open
Copilot AI changed the title [WIP] Port changes from PR #1225 to quote procname in callproc Quote procname and user variables with backticks in callproc Jun 11, 2026
Copilot AI requested a review from methane June 11, 2026 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@methane methane Awaiting requested review from methane

Assignees

@methane methane

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Callproc should quote procname

2 participants

@methane