@@ -240,15 +240,16 @@ final class ExportService: ObservableObject {
240240
241241 /// Sanitize a name for use in SQL comments to prevent comment injection
242242 ///
243- /// Removes characters that could break out of SQL comments:
243+ /// Removes characters that could break out of or nest SQL comments:
244244 /// - Newlines (could start new SQL statements)
245- /// - Comment terminators (* / )
245+ /// - Comment sequences (/* */ -- )
246246 private func sanitizeForSQLComment( _ name: String ) -> String {
247247 var result = name
248248 // Replace newlines with spaces
249249 result = result. replacingOccurrences ( of: " \n " , with: " " )
250250 result = result. replacingOccurrences ( of: " \r " , with: " " )
251- // Remove comment terminators (remove the asterisk-slash sequence)
251+ // Remove comment sequences (both opening and closing)
252+ result = result. replacingOccurrences ( of: " /*", with: "")
252253 result = result.replacingOccurrences(of: "*/" , with: " " )
253254 result = result. replacingOccurrences ( of: " -- " , with: " " )
254255 return result
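Review bot: The `/*` removal added on new line 252 substitutes an empty string in a single pass, so the characters on either side of a removed match can join into a fresh `/*` that the function then returns. The same holds for the `*/` and `--` steps if their replacement is also empty (the rendering here leaves that unclear), because a later removal can rebuild a sequence an earlier step already stripped. Substituting a space, as the newline steps do, keeps the neighbours apart: `result = result.replacingOccurrences(of: "/*", with: " ")`, and likewise for the other two. Alternatively, repeat the three replacements until the string stops changing. A unit test asserting that the output never contains `/*`, `*/` or `--` for inputs built from those characters would pin this down; the function's closing brace lies outside the hunk.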