Skip to content

Commit 95f0ac9

Browse files
serprexserprex
committed
mysql.Escape
1 parent d927ae6 commit 95f0ac9

File tree

1 file changed

+4
-3
lines changed

1 file changed

+4
-3
lines changed

flow/connectors/mysql/mysql.go

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -441,18 +441,19 @@ func (c *MySqlConnector) StatActivity(
441441
req *protos.PostgresPeerActivityInfoRequest,
442442
) (*protos.PeerStatResponse, error) {
443443
rs, err := c.Execute(ctx,
444-
fmt.Sprintf("SELECT ID,COMMAND,STATE,TIME,INFO FROM performance_schema.processlist WHERE USER='%s'", c.config.User))
444+
fmt.Sprintf("SELECT ID,COMMAND,STATE,TIME,INFO FROM performance_schema.processlist WHERE USER='%s'", mysql.Escape(c.config.User)))
445445
if err != nil {
446446
// 42S02 is ER_NO_SUCH_TABLE
447447
var myErr *mysql.MyError
448448
if errors.As(err, &myErr) && myErr.Code == 1146 && myErr.State == "42S02" {
449449
// mariadb
450450
rs, err = c.Execute(ctx,
451451
fmt.Sprintf("SELECT PROCESSLIST_ID,PROCESSLIST_COMMAND,PROCESSLIST_STATE,PROCESSLIST_TIME,PROCESSLIST_INFO"+
452-
" FROM performance_schema.threads WHERE USER='%s'", c.config.User))
452+
" FROM performance_schema.threads WHERE USER='%s'", mysql.Escape(c.config.User)))
453453
if errors.As(err, &myErr) && myErr.Code == 1146 && myErr.State == "42S02" {
454454
rs, err = c.Execute(ctx,
455-
fmt.Sprintf("SELECT ID,COMMAND,STATE,TIME,INFO FROM information_schema.processlist WHERE USER='%s'", c.config.User))
455+
fmt.Sprintf("SELECT ID,COMMAND,STATE,TIME,INFO FROM information_schema.processlist WHERE USER='%s'",
456+
mysql.Escape(c.config.User)))
456457
}
457458
}
458459

0 commit comments

Comments
 (0)