Escape database object names when building queriesย #189
Description
Is your feature request related to a problem? Please describe.
It seems like a good idea to me to always escape table and column names when building queries. This will allow the usage of white space and other non standard characters in these names, as well as providing another barrier towards SQL injection.
Describe the solution you'd like
Create an escape_name function and call where appropriate. The function should account for user escaped names as well as names containing escape tokens.
Sqlite allows both [name] and "name" syntax to escape names. Depending on the characters in name one or the other can be picked. If name were to contain both " and [ or ], " can be escaped as "".
Describe alternatives you've considered
This is mostly a QOL thing. Users can easily implement their own escape mechanism.