Quote escaping issues with `pg:psql -c <command>` #1066

BrentWheeldon opened this Issue Mar 24, 2014 · 4 comments

4 participants


I was wondering if there was a reason that single quotes were used to wrap the command when constructing the raw shell command? This makes it really hard to pass commands that use strings, like:

heroku pg:psql -c "select * from users where name = 'foo'"

Would a pull request to change Heroku::Command::Pg to wrap the command with double quotes be entertained? Is there an issue I'm missing with using double quotes? Or an easy way to escape quotes in the above example?


/cc @will @deafbybeheading


@pedro I think because we're going through several different layers of quoting and escaping here, something will always be off, but it probably makes sense to try to maintain single-quotes to the extent possible.

I think the simplest thing is to change this line to:

        command = %Q(-c "#{command}")

Now double quotes would not work correctly, but that's probably more tolerable. I think something like

        command = %Q(-c "$(cat <<EOF

would actually work for most cases (except where you have a literal "EOF" on a line on its own in your query) but I'm almost certain that wouldn't work on Windows.


Of course the other option is to use a variant of exec that actually takes a command and arguments )as opposed to a full command line as a single string) so that we don't need to worry about quoting ourselves, but I don't know what the implications of that change are, especially on Windows, since that would bypass the shell.


Duplicate of #1084 ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment