NikolayS · tembo-io · Jun 28, 2025
diff --git a/roles/alter_user_with_random_password.psql b/roles/alter_user_with_random_password.psql
@@ -43,17 +43,17 @@ begin
     j := int4(random() * allowed_len);
     pwd := pwd || substr(allowed, j+1, 1);
   end loop;
-  sql := 'alter role ' || current_setting('postgres_dba.username')::text || ' password ''' || pwd || ''';';
+  sql := format('alter role %I password %L', current_setting('postgres_dba.username')::text, pwd);
   raise debug 'SQL: %', sql;
   execute sql;
-  sql := 'alter role ' || current_setting('postgres_dba.username')::text
-    || (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end)
-    || ';';
+  sql := format('alter role %I%s', 
+    current_setting('postgres_dba.username')::text,
+    (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end));
   raise debug 'SQL: %', sql;
   execute sql;
-  sql := 'alter role ' || current_setting('postgres_dba.username')::text
-    || (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end)
-    || ';';
+  sql := format('alter role %I%s', 
+    current_setting('postgres_dba.username')::text,
+    (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end));
   raise debug 'SQL: %', sql;
   execute sql;
   raise debug 'User % altered, password: %', current_setting('postgres_dba.username')::text, pwd;

diff --git a/roles/create_user_with_random_password.psql b/roles/create_user_with_random_password.psql
@@ -43,10 +43,11 @@ begin
     j := int4(random() * allowed_len);
     pwd := pwd || substr(allowed, j+1, 1);
   end loop;
-  sql := 'create role ' || current_setting('postgres_dba.username')::text
-    || (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end)
-    || (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end)
-    || ' password ''' || pwd || ''';';
+  sql := format('create role %I%s%s password %L', 
+    current_setting('postgres_dba.username')::text,
+    (case when lower(current_setting('postgres_dba.is_superuser')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' superuser' else '' end),
+    (case when lower(current_setting('postgres_dba.login')::text) not in ('0', '', 'no', 'false', 'n', 'f') then ' login' else '' end),
+    pwd);
   raise debug 'SQL: %', sql;
   execute sql;
   raise info 'User % created, password: %', current_setting('postgres_dba.username')::text, pwd;