fix: security with single quote on queries

This error was raised because it does not use the `prepare` method
author: Santo Cariotti <santo@dcariotti.me> 2021-03-18 19:24:33 +0100
committer: Santo Cariotti <santo@dcariotti.me> 2021-03-18 19:24:34 +0100
commit: 893435cca8093e4713e077785139989debe0bb1b (patch)
tree: 6f307d9be450800bf2aa2b4ae8fe9239e70baede
parent: b79e10683ee6ef53680638382241a8b240bd50f9 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/src/commit/models.rs b/src/commit/models.rs
index 2f1536b..7f6a9fc 100644
--- a/src/commit/models.rs
+++ b/src/commit/models.rs
@@ -108,15 +108,15 @@ impl Commit {
                 None => "NULL".to_string(),
             };
             raw_query += &format!(
-                "('{}', {}, '{}', '{}', '{}', '{}', '{}', '{}', '{}'),",
+                "('{}', {}, E'{}', '{}', '{}', E'{}', '{}', E'{}', '{}'),",
                 commit.hash,
                 tree,
-                commit.text,
+                commit.text.replace("'", "\\'"),
                 commit.date,
                 commit.author_email,
-                commit.author_name,
+                commit.author_name.replace("'", "\\'"),
                 commit.committer_email,
-                commit.committer_name,
+                commit.committer_name.replace("'", "\\'"),
                 commit.repository_url
             )[..]
         }
author	Santo Cariotti <santo@dcariotti.me>	2021-03-18 19:24:33 +0100
committer	Santo Cariotti <santo@dcariotti.me>	2021-03-18 19:24:34 +0100
commit	893435cca8093e4713e077785139989debe0bb1b (patch)
tree	6f307d9be450800bf2aa2b4ae8fe9239e70baede
parent	b79e10683ee6ef53680638382241a8b240bd50f9 (diff)