lvyanquan commented on code in PR #4069:
URL: https://github.com/apache/flink-cdc/pull/4069#discussion_r2250586336
##########
flink-cdc-connect/flink-cdc-source-connectors/flink-connector-mysql-cdc/src/main/java/org/apache/flink/cdc/connectors/mysql/source/utils/StatementUtils.java:
##########
@@ -225,7 +225,7 @@ public static PreparedStatement readTableSplitDataStatement(
}
public static String quote(String dbOrTableName) {
- return "`" + dbOrTableName + "`";
+ return "`" + dbOrTableName.replace("`", "``") + "`";
Review Comment:
The user's table name itself may contain the risk of SQL injection, and
testing has been updated to verify the correctness of SQL and pipeline jobs.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@flink.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
