From 0adbadbacda674e8ea73032b7a9772d4799e1f8d Mon Sep 17 00:00:00 2001
From: Zach Toogood
Date: Wed, 11 Dec 2024 22:40:24 +0000
Subject: [PATCH] db: Properly escape % in blobs, more error handling in query()
---
 src/common/database.h | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/common/database.h b/src/common/database.h
index 13f7954720b..119e00c7ac6 100644
--- a/src/common/database.h
+++ b/src/common/database.h
@@ -332,9 +332,21 @@ namespace db
 // @return A unique pointer to the result set of the query.
 // @note Everything in database-land is 1-indexed, not 0-indexed.
 template
- auto query(std::string const& query, Args&&... args)
+ auto query(std::string const& query, Args&&... args) -> std::unique_ptr
 {
- return queryStr(fmt::sprintf(query, std::forward(args)...));
+ TracyZoneScoped;
+ try
+ {
+ const auto formattedQuery = fmt::sprintf(query, std::forward(args)...);
+ return queryStr(formattedQuery);
+ }
+ catch (const std::exception& e)
+ {
+ ShowError("Query Failed: %s", e.what());
+ ShowError("Query Failed: %s", str(query.c_str()));
+ }
+
+ return nullptr;
 }

 // @brief Execute a prepared statement with the given query string and arguments.
@@ -528,6 +540,9 @@ namespace db
 case '\\': // Backslash
 result += "\\\\";
 break;
+ case '%': // Percent (reserved by sprintf, etc.)
+ result += "%%";
+ break;
 default:
 result += ch;
 break;
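Review bot: The new `return nullptr;` after the catch block changes what callers of `query()` can receive, but the `@return` line above it still promises a result set; it should say so, e.g. `// @return A unique pointer to the result set, or nullptr if formatting or execution throws.`, and call sites that dereference the result without a check need auditing. The catch block wraps both `fmt::sprintf` and `queryStr`, so a malformed format string and anything `queryStr` throws are logged with the same "Query Failed" text; a distinct message per stage would make triage easier. Separately, this overload still builds SQL by printf-style substitution, so it is safe only when every string argument has already been escaped; a one-line `@note` pointing callers with untrusted values to the prepared-statement function documented just below would make that contract explicit. The doc comment for `query()` begins above the hunk.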
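Review bot: Doubling `%` in this escape switch is only correct when the escaped text is later spliced into the format string given to `fmt::sprintf`; if a caller passes the escaped value as a `%s` argument, sends it through `queryStr` directly, or binds it in a prepared statement, the `%%` is never collapsed and the stored blob gains an extra `%` per occurrence. The call sites are not visible here, so this is a risk to confirm rather than a proven bug. Mixing SQL-literal escaping and printf-format escaping in one routine makes that easy to get wrong; at minimum document it on the case, e.g. `case '%': // Doubled for fmt::sprintf; result must be embedded in the format string, never passed as an argument`. Binding blobs through the prepared-statement path would avoid both escaping layers. The enclosing function starts and ends outside the hunk.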