Fixed #116 Possible SQL injection vulnerability

scalikejdbc-interpolation-core/src/main/scala/scalikejdbc/interpolation/SQLSyntax.scala

@@ -5,5 +5,13 @@ package scalikejdbc.interpolation
  *
  * This value won't be treated as a binding parameter but will be appended as a part of SQL.
  */
-case class SQLSyntax(value: String, parameters: Seq[Any] = Vector())
+class SQLSyntax private[scalikejdbc] (val value: String, val parameters: Seq[Any] = Vector())
+
+object SQLSyntax {
+
+  private[scalikejdbc] def apply(value: String, parameters: Seq[Any]) = new SQLSyntax(value, parameters)
+
+  def unapply(syntax: SQLSyntax): Option[(String, Seq[Any])] = Some((syntax.value, syntax.parameters))
+
+}
 

scalikejdbc-interpolation-core/src/test/scala/scalikejdbc/SQLInterpolationSpec.scala

@@ -103,7 +103,7 @@ class SQLInterpolationSpec extends FlatSpec with ShouldMatchers {
           }
 
           val ids = List(1, 2, 4) ::: (100 until 200).toList
-          val sorting = SQLSyntax("DESC")
+          val sorting = sqls"desc"
           val users = sql"select * from users where id in (${ids}) order by id ${sorting}".map {
             rs => User(id = rs.int("id"), name = rs.stringOpt("name"))
           }.list.apply()