From d3ccd14fe0ac62ce6c4d3897cbfcb70cf3712264 Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Thu, 4 Dec 2025 17:47:20 +0100
Subject: [PATCH] Fix sqlarr

---
 api/src/db/utils.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/api/src/db/utils.ts b/api/src/db/utils.ts
index 6e9c7308..12c2e43c 100644
--- a/api/src/db/utils.ts
+++ b/api/src/db/utils.ts
@@ -75,6 +75,10 @@ export function conflictUpdateAllExcept<
 
 // drizzle is bugged and doesn't allow js arrays to be used in raw sql.
 export function sqlarr(array: unknown[]): string {
+	function escapeStr(str: string) {
+		return str.replaceAll("\\", "\\\\").replaceAll('"', '\\"');
+	}
+
 	return `{${array
 		.map((item) =>
 			item === "null" || item === null || item === undefined
@@ -82,8 +86,8 @@ export function sqlarr(array: unknown[]): string {
 				: Array.isArray(item)
 					? sqlarr(item)
 					: typeof item === "object"
-						? `"${JSON.stringify(item).replaceAll("\\", "\\\\").replaceAll('"', '\\"')}"`
-						: `"${item?.toString().replaceAll('"', '\\"')}"`,
+						? `"${escapeStr(JSON.stringify(item))}"`
+						: `"${escapeStr(item.toString())}"`,
 		)
 		.join(", ")}}`;
 }