From 23f34663e9c6307fb0cc486af375e102fe894a73 Mon Sep 17 00:00:00 2001
From: Marques Johansson <mjohansson@equinix.com>
Date: Wed, 12 Jan 2022 08:05:14 -0500
Subject: [PATCH] escape pgsql field and values generated by buildGetCondition

Signed-off-by: Marques Johansson <mjohansson@equinix.com>
---
 db/db.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db/db.go b/db/db.go
index 0a47719d0..b976e3e4b 100644
--- a/db/db.go
+++ b/db/db.go
@@ -111,7 +111,7 @@ func get(ctx context.Context, db *sql.DB, query string, args ...interface{}) (st
 func buildGetCondition(fields map[string]string) (string, error) {
 	for column, field := range fields {
 		if field != "" {
-			return fmt.Sprintf("%s = '%s'", column, field), nil
+			return fmt.Sprintf("%s = %s", pq.QuoteIdentifier(column), pq.QuoteLiteral(field)), nil
 		}
 	}
 	return "", errors.New("one GetBy field must be set to build a get condition")