pub fn escape_identifier(ident: &str) -> StringExpand description
Escape and quote a PostgreSQL identifier to prevent SQL injection.
PostgreSQL identifiers (table names, column names, role names, etc.) must be quoted with double quotes and any internal double quotes must be escaped by doubling them.
§Examples
use grant::config::sql_utils::escape_identifier;
assert_eq!(escape_identifier("users"), "\"users\"");
assert_eq!(escape_identifier("my\"table"), "\"my\"\"table\"");
assert_eq!(escape_identifier("role'name"), "\"role'name\"");§Security
This function prevents SQL injection by ensuring that user-provided identifiers cannot break out of their quoted context.