From d5b4d6b98f6941fde2c00b8c80b237905e08cf40 Mon Sep 17 00:00:00 2001
From: Stefan Charsley
Date: Fri, 20 Sep 2024 16:26:27 +1200
Subject: [PATCH] Fix code scanning alert #1: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lib/dialect/mssql.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/dialect/mssql.ts b/lib/dialect/mssql.ts
index f6c5be3..8d497b6 100644
--- a/lib/dialect/mssql.ts
+++ b/lib/dialect/mssql.ts
@@ -202,7 +202,7 @@ export class Mssql extends Dialect<{ questionMarkParameterPlaceholder?: boolean
 createResult.push(`(${colNodes.map(this.visit.bind(this)).join(', ')})`);
 this.visitingCreate = false;
 let tableStr = tableResult.join(' ');
- tableStr = tableStr.replace("'", "''");
+ tableStr = tableStr.replace(/'/g, "''");
 tableStr = `'${tableStr.substring(1, tableStr.length - 1)}'`;
 const whereClause = `WHERE TABLE_NAME = ${tableStr}`;
 // TODO: need to add schema check, sudo code:
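Review bot: The quote doubling runs on the still-delimited `tableStr`, one line before `substring(1, tableStr.length - 1)` drops the first and last character, so the resulting literal is only well-formed if those two characters are never single quotes. Escaping the stripped value ties the escape to exactly the text that lands between the quotes: ``tableStr = `'${tableStr.substring(1, tableStr.length - 1).replace(/'/g, "''")}'`;``. The diffstat shows only `lib/dialect/mssql.ts` changed, so a regression test with a table name containing two or more apostrophes would pin this fix, since the old single-replacement form already handled a name with one. The `TABLE_NAME` comparison is still built by interpolation and, per the TODO, is not yet scoped by schema, so it presumably also matches a same-named table in another schema. The enclosing method starts and ends outside the hunk.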