Use backticks to enquote SQL identifiers

Using double quotes had the disadvantage that unknown
column names were silently changed to a string literal
in WHERE statements. This can be avoided by using backticks.

Fixes #43

include/warehouse_ros_sqlite/utils.hpp

@@ -104,7 +104,7 @@ using escaped_columnname = std::string;
 using escaped_tablename = std::string;
 inline std::string escape_identifier(const std::string & s)
 {
-  return "\"" + detail::escape<'"'>(s) + "\"";
+  return "`" + detail::escape<'`'>(s) + "`";
 }
 inline escaped_columnname escape_columnname_with_prefix(const std::string & c)
 {

test/DatabaseConnection.cpp

@@ -439,6 +439,23 @@ TEST_F(ConnectionTest, appendGTE)
   }
 }
 
+TEST_F(ConnectionTest, BacktickInMeta)
+{
+  auto coll = conn_->openCollection<geometry_msgs::msg::Point>("test_db", "test_collection_backtick");
+
+  auto metadata = coll.createMetadata();
+  metadata->append("test_`metadata", 5.0);
+
+  geometry_msgs::msg::Point msg = {};
+  coll.insert(msg, metadata);
+
+  {
+    auto query = coll.createQuery();
+    query->appendGTE("test_`metadata", 4.0);
+    EXPECT_EQ(coll.queryList(query).size(), 1);
+  }
+}
+
 TEST(Utils, Md5Validation)
 {
   const char * a = "4a842b65f413084dc2b10fb484ea7f17";