Patch sonobank

sonobank/crates/server/src/main.rs

@@ -208,6 +208,10 @@ fn extract_payload(path: &str) -> String {
     }
 }
 #[allow(dead_code)]
+fn escape_sql_literal(value: &str) -> String {
+    value.replace('\\', "\\\\").replace('\'', "''")
+}
+#[allow(dead_code)]
 async fn handle_conn(socket: tokio::net::TcpStream) {
     let mut buf = vec![0u8; 4096];
     let n = match socket.try_read(&mut buf) {
@@ -221,7 +225,8 @@ async fn handle_conn(socket: tokio::net::TcpStream) {
     let path = parts.next().unwrap_or("");
     if method == "GET" {
         let payload = extract_payload(path);
-        let simulated = format!("SELECT * FROM test WHERE field = '{}'", payload);
+        let escaped_payload = escape_sql_literal(&payload);
+        let simulated = format!("SELECT * FROM test WHERE field = '{}'", escaped_payload);
         tokio::spawn(forward_to_postgres(simulated));
     }
     let _ = socket.try_write(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok");