From 079df65dc0f71ea4d1771b6ae17e13242c766517 Mon Sep 17 00:00:00 2001
From: Mike Bayer <mike_mp@zzzcomputing.com>
Date: Fri, 30 Sep 2016 09:23:50 -0400
Subject: Escape literal string values passed to server_default

A string sent as a column default via the
:paramref:`.Column.server_default` parameter is now escaped for quotes.

This change is backwards compatible with code that may have been
working around this previously.

Change-Id: I341298a76cc67bc0a53df4ab51ab9379f2294cdd
Fixes: #3809
---
 lib/sqlalchemy/sql/compiler.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/sqlalchemy/sql')

diff --git a/lib/sqlalchemy/sql/compiler.py b/lib/sqlalchemy/sql/compiler.py
index a7954f10a..a2dbcee5c 100644
--- a/lib/sqlalchemy/sql/compiler.py
+++ b/lib/sqlalchemy/sql/compiler.py
@@ -2494,7 +2494,8 @@ class DDLCompiler(Compiled):
     def get_column_default_string(self, column):
         if isinstance(column.server_default, schema.DefaultClause):
             if isinstance(column.server_default.arg, util.string_types):
-                return "'%s'" % column.server_default.arg
+                return self.sql_compiler.render_literal_value(
+                    column.server_default.arg, sqltypes.STRINGTYPE)
             else:
                 return self.sql_compiler.process(
                     column.server_default.arg, literal_binds=True)
-- 
cgit v1.2.1