From caa2a12eaf815498b49101fb42b5a80764f7f719 Mon Sep 17 00:00:00 2001
From: Ubuntu <ubuntu@adraca-oracle-01.tail4f7ccb.ts.net>
Date: Thu, 23 Apr 2026 05:28:41 +0000
Subject: [PATCH] security: harden SQL query composition in core engine

---
 splitgraph/core/sql/queries.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/splitgraph/core/sql/queries.py b/splitgraph/core/sql/queries.py
index 39e40089..ec244c31 100644
--- a/splitgraph/core/sql/queries.py
+++ b/splitgraph/core/sql/queries.py
@@ -30,7 +30,7 @@ def select(
     if table_args:
         query += SQL(table_args)
     if where:
-        query += SQL(" WHERE " + where)
+        query += SQL(" WHERE {}").format(SQL(where))
     return query