#56124 Properly escape column defaults (#56158)

asmecher · web-flow · commit a9547c87c332 · 2025-06-28T19:23:51.000+02:00
diff --git a/src/Illuminate/Database/Schema/Grammars/Grammar.php b/src/Illuminate/Database/Schema/Grammars/Grammar.php
@@ -478,12 +478,12 @@ protected function getDefaultValue($value)
         }
 
         if ($value instanceof BackedEnum) {
-            return "'{$value->value}'";
+            return "'".str_replace("'", "''", $value->value)."'";
         }
 
         return is_bool($value)
             ? "'".(int) $value."'"
-            : "'".(string) $value."'";
+            : "'".str_replace("'", "''", $value)."'";
     }
 
     /**
diff --git a/tests/Database/DatabaseSchemaBlueprintTest.php b/tests/Database/DatabaseSchemaBlueprintTest.php
@@ -616,6 +616,45 @@ public function testTableComment()
         $this->assertEquals(['comment on table "posts" is \'Look at my comment, it is amazing\''], $getSql('Postgres'));
     }
 
+    public function testColumnDefault()
+    {
+        // Test a normal string literal column default.
+        $getSql = function ($grammar) {
+            return $this->getBlueprint($grammar, 'posts', function ($table) {
+                $table->tinyText('note')->default('this will work');
+            })->toSql();
+        };
+
+        $this->assertEquals(['alter table `posts` add `note` tinytext not null default \'this will work\''], $getSql('MySql'));
+
+        // Test a string literal column default containing an apostrophe (#56124)
+        $getSql = function ($grammar) {
+            return $this->getBlueprint($grammar, 'posts', function ($table) {
+                $table->tinyText('note')->default('this\'ll work too');
+            })->toSql();
+        };
+
+        $this->assertEquals(['alter table `posts` add `note` tinytext not null default \'this\'\'ll work too\''], $getSql('MySql'));
+
+        // Test a backed enumeration column default
+        $getSql = function ($grammar) {
+            return $this->getBlueprint($grammar, 'posts', function ($table) {
+                $enum = ApostropheBackedEnum::ValueWithoutApostrophe;
+                $table->tinyText('note')->default($enum);
+            })->toSql();
+        };
+        $this->assertEquals(['alter table `posts` add `note` tinytext not null default \'this will work\''], $getSql('MySql'));
+
+        // Test a backed enumeration column default containing an apostrophe (#56124)
+        $getSql = function ($grammar) {
+            return $this->getBlueprint($grammar, 'posts', function ($table) {
+                $enum = ApostropheBackedEnum::ValueWithApostrophe;
+                $table->tinyText('note')->default($enum);
+            })->toSql();
+        };
+        $this->assertEquals(['alter table `posts` add `note` tinytext not null default \'this\'\'ll work too\''], $getSql('MySql'));
+    }
+
     protected function getConnection(?string $grammar = null, string $prefix = '')
     {
         $connection = m::mock(Connection::class)
@@ -652,3 +691,9 @@ protected function getBlueprint(
         return new Blueprint($connection, $table, $callback);
     }
 }
+
+enum ApostropheBackedEnum: string
+{
+    case ValueWithoutApostrophe = 'this will work';
+    case ValueWithApostrophe = 'this\'ll work too';
+}

Original file line number	Diff line number	Diff line change
`@@ -478,12 +478,12 @@ protected function getDefaultValue($value)`
`478`	`478`	`}`
`479`	`479`
`480`	`480`	`if ($value instanceof BackedEnum) {`
`481`		`- return "'{$value->value}'";`
	`481`	`+ return "'".str_replace("'", "''", $value->value)."'";`
`482`	`482`	`}`
`483`	`483`
`484`	`484`	`return is_bool($value)`
`485`	`485`	`? "'".(int) $value."'"`
`486`		`- : "'".(string) $value."'";`
	`486`	`+ : "'".str_replace("'", "''", $value)."'";`
`487`	`487`	`}`
`488`	`488`
`489`	`489`	`/**`