Escaping keyword-like column names in Postgres

Question

If the column in Postgres\' table has the name year, how should look INSERT query to set the value for that column?

E.g.: INSERT INTO

Answer 1

To be on the safe side you have to build the insert statement with delimited identifiers.

SQL 2003 specifies that a delimited identifier should be quoted with double quotes " and if a double quote occurs in the identifier, the double quote must be duplicated. See the BNF:

https://ronsavage.github.io/SQL/sql-2003-2.bnf.html#delimited%20identifier

This is the code to quote the identifier:

static String delimited_identifier (String identifier)
{
  return "\"" + identifier.replaceAll ("\"", "\"\"") + "\"";
}

And this is the code to build the insert:

static String build_insert (String table, String[] columns)
{
  StringBuilder sql = new StringBuilder ();
  StringBuilder values = new StringBuilder ();

  sql.append ("INSERT INTO ");
  sql.append (delimited_identifier (table));
  sql.append (" (");
  int c = 0;
  if (columns.length > 0) {
    sql.append (delimited_identifier (columns[c]));
    values.append ("?");
  }
  for (++c; c < columns.length; c++) {
    sql.append (", ");
    sql.append (delimited_identifier (columns[c]));
    values.append (", ?");
  }
  sql.append (") VALUES (");
  sql.append (values.toString ());
  sql.append (")");

  return sql.toString ();
}

Example:

String sql = build_insert ("Person", new String[]{"First name", "Last name"});