From ffd3678e64409cf8c4526c723c38871fd2ae8853 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20=C5=A0tancl?=
Date: Fri, 7 Nov 2025 20:41:06 +0100
Subject: [PATCH] Revert "fix: Refactor database management methods to use parameterized queries and add identifier quoting"

This reverts commit 712d7aabec2ea6b3e7710a33c597c696c72716d0.
---
 src/Concerns/ManagesRLSPolicies.php | 14 ++------------
 .../MySQLDatabaseManager.php | 18 ++++--------------
 .../PostgreSQLDatabaseManager.php | 18 +++---------------
 3 files changed, 9 insertions(+), 41 deletions(-)

diff --git a/src/Concerns/ManagesRLSPolicies.php b/src/Concerns/ManagesRLSPolicies.php
index fb7e4eaa..6b804fb7 100644
--- a/src/Concerns/ManagesRLSPolicies.php
+++ b/src/Concerns/ManagesRLSPolicies.php
@@ -17,28 +17,18 @@ trait ManagesRLSPolicies
 {
 return array_map(
 fn (stdClass $policy) => $policy->policyname,
- DB::select(
- "SELECT policyname FROM pg_policies WHERE tablename = ? AND policyname LIKE ?",
- [$table, '%_rls_policy%']
- )
+ DB::select("SELECT policyname FROM pg_policies WHERE tablename = '{$table}' AND policyname LIKE '%_rls_policy%'")
 );
 }
 
 public static function dropRLSPolicies(string $table): int
 {
 $policies = static::getRLSPolicies($table);
- $quotedTable = static::quoteIdentifier($table);
 
 foreach ($policies as $policy) {
- $quotedPolicy = static::quoteIdentifier($policy);
- DB::statement("DROP POLICY {$quotedPolicy} ON {$quotedTable}");
+ DB::statement('DROP POLICY ? ON ?', [$policy, $table]);
 }
 
 return count($policies);
 }
-
- protected static function quoteIdentifier(string $identifier): string
- {
- return '"' . str_replace('"', '""', $identifier) . '"';
- }
 }
diff --git a/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php b/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php
index 5db7a6d3..b86faef2 100644
--- a/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/MySQLDatabaseManager.php
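Review bot: `getRLSPolicies()` now interpolates `$table` into a single-quoted SQL literal (`tablename = '{$table}'`), so a table name containing `'` alters the statement instead of being compared as data; the same pattern returns in `databaseExists()` in both the MySQL and PostgreSQL manager hunks (`= '$name'`). Value positions like these can stay bound without any identifier-quoting helper, e.g. `DB::select('SELECT policyname FROM pg_policies WHERE tablename = ? AND policyname LIKE ?', [$table, '%_rls_policy%'])`. Separately, `DB::statement('DROP POLICY ? ON ?', [$policy, $table])` passes object names as bound values; placeholders stand for values rather than identifiers, so PostgreSQL will probably reject this at prepare time or, with emulated prepares, receive the names as string literals, which is worth confirming with a test against a real connection. The commit message gives no reason for the revert; naming the regression there would let the binding be reapplied without it.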
@@ -10,30 +10,20 @@ class MySQLDatabaseManager extends TenantDatabaseManager
 {
 public function createDatabase(TenantWithDatabase $tenant): bool
 {
- $database = $this->quoteIdentifier($tenant->database()->getName());
+ $database = $tenant->database()->getName();
 $charset = $this->connection()->getConfig('charset');
 $collation = $this->connection()->getConfig('collation');
 
- return $this->connection()->statement("CREATE DATABASE {$database} CHARACTER SET `$charset` COLLATE `$collation`");
+ return $this->connection()->statement("CREATE DATABASE `{$database}` CHARACTER SET `$charset` COLLATE `$collation`");
 }
 
 public function deleteDatabase(TenantWithDatabase $tenant): bool
 {
- $database = $this->quoteIdentifier($tenant->database()->getName());
-
- return $this->connection()->statement("DROP DATABASE {$database}");
+ return $this->connection()->statement("DROP DATABASE `{$tenant->database()->getName()}`");
 }
 
 public function databaseExists(string $name): bool
 {
- return (bool) $this->connection()->selectOne(
- 'SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = ? LIMIT 1',
- [$name]
- );
- }
-
- protected function quoteIdentifier(string $identifier): string
- {
- return '`' . str_replace('`', '``', $identifier) . '`';
+ return (bool) $this->connection()->select("SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '$name'");
 }
 }
diff --git a/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php b/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php
index 6290c832..4fff7202 100644
--- a/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php
+++ b/src/Database/TenantDatabaseManagers/PostgreSQLDatabaseManager.php
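Review bot: `createDatabase()` and `deleteDatabase()` place the tenant database name between backticks without escaping backticks inside the name, so a name that contains one ends the identifier early and the remainder is parsed as SQL; the PostgreSQL manager hunk does the same with `\"…\"` and an unescaped `"`. Whether a tenant's database name can carry user-influenced text is decided outside this diff, so the managers should not rely on it: double the delimiter inside the name before wrapping it, or reject names that do not match a strict pattern such as `/^[A-Za-z0-9_]+$/` where the name is assigned. A comment on both methods stating which of the two guarantees applies would document the assumption.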
@@ -10,28 +10,16 @@ class PostgreSQLDatabaseManager extends TenantDatabaseManager
 {
 public function createDatabase(TenantWithDatabase $tenant): bool
 {
- $database = $this->quoteIdentifier($tenant->database()->getName());
-
- return $this->connection()->statement("CREATE DATABASE {$database} WITH TEMPLATE=template0");
+ return $this->connection()->statement("CREATE DATABASE \"{$tenant->database()->getName()}\" WITH TEMPLATE=template0");
 }
 
 public function deleteDatabase(TenantWithDatabase $tenant): bool
 {
- $database = $this->quoteIdentifier($tenant->database()->getName());
-
- return $this->connection()->statement("DROP DATABASE {$database}");
+ return $this->connection()->statement("DROP DATABASE \"{$tenant->database()->getName()}\"");
 }
 
 public function databaseExists(string $name): bool
 {
- return (bool) $this->connection()->selectOne(
- 'SELECT datname FROM pg_database WHERE datname = ? LIMIT 1',
- [$name]
- );
- }
-
- protected function quoteIdentifier(string $identifier): string
- {
- return '"' . str_replace('"', '""', $identifier) . '"';
+ return (bool) $this->connection()->selectOne("SELECT datname FROM pg_database WHERE datname = '$name'");
 }
 }