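# Minimal mock connection: DBIConnection is virtual, so a concrete subclass
# is needed before the default quoting methods can dispatch. The mock only
# exercises DBI's generic fallback; a real backend may override these methods
# with its own quoting rules, so always quote with the connection you will
# actually run the query on, never with a stand-in.
library(DBI)
MockConnection <- setClass("MockConnection", contains = "DBIConnection")
conn <- MockConnection()

# Quoting makes untrusted input safe ONLY in the syntactic position the
# quoting function targets: dbQuoteString() for string literals,
# dbQuoteIdentifier() for table/column names. Splicing a quoted string where
# an identifier is expected (or vice versa) is still an injection risk.
# Where the backend supports it, bound parameters (dbBind() / the `params`
# argument of dbGetQuery()) are preferable to assembling SQL from strings.
name <- "Robert'); DROP TABLE Students;--"
dbQuoteString(conn, name)
dbQuoteIdentifier(conn, name)

# SQL() marks a value as already-safe SQL: both quoting functions pass it
# through verbatim, with no escaping at all. That is the trust boundary --
# only wrap literal, developer-controlled fragments in SQL(), never anything
# derived from user input.
var_name <- SQL("select")
var_name
dbQuoteIdentifier(conn, var_name)
dbQuoteString(conn, var_name)

# Quoting returns an SQL vector, so quoting it again is a no-op. This is what
# prevents double escaping when a value flows through several helpers.
dbQuoteString(conn, dbQuoteString(conn, name))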