Non-escape character breaks select function
One of my users has an apostrophe in their name ex:
Ty'ler Marshall
. They are just using out of the box Supabase email provider magic link functionality with a gmail address. The raw_user_meta_data
column is storing their name like:
I then have a call on my front-end that is using Drizzle as ORM which is a pretty simple select:
But this is failing because its not being escaped. The value in DB is not escaped:
Error getting user data Error: syntax error at or near "ler"
The appUsers table doesn't even reference that col at all:
If I do this:
it works fine, does the tx.select() do some sort of full lookup in the auth users table that grabs all the info?
I am not sure if this is a supabase, google, or drizzle situation. Any thoughts?2 Replies
After talking to Supabase peeps, pretty positive it's a drizzle issue (or at least not Supabase).
I've identified it's not the selects, I think its the data inside the session object...
I think this documentation here may be effected:
https://orm.drizzle.team/docs/rls
in that there are calls to things like:
But, if the token contains data with an apostrophe, it breaks that call.
Drizzle ORM - Row-Level Security (RLS)
Drizzle ORM is a lightweight and performant TypeScript ORM with developer experience in mind.