From 98d945c108f6db9ad01a8bb4cd5df954f5b01d5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carl-Gerhard=20Lindesva=CC=88rd?= <lindesvard@gmail.com>
Date: Wed, 26 Feb 2025 12:02:40 +0100
Subject: [PATCH] fix(worker): escape more things

---
 packages/db/src/services/organization.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/db/src/services/organization.service.ts b/packages/db/src/services/organization.service.ts
index afca597a..a1843bfc 100644
--- a/packages/db/src/services/organization.service.ts
+++ b/packages/db/src/services/organization.service.ts
@@ -203,7 +203,7 @@ export async function getOrganizationBillingEventsCount(
 
   sb.select.count = 'COUNT(*) AS count';
   sb.where.projectIds = `project_id IN (${organization.projects.map((project) => escape(project.id)).join(',')})`;
-  sb.where.createdAt = `BETWEEN ${formatClickhouseDate(organization.subscriptionCurrentPeriodStart)} AND ${formatClickhouseDate(organization.subscriptionCurrentPeriodEnd)}`;
+  sb.where.createdAt = `BETWEEN ${escape(formatClickhouseDate(organization.subscriptionCurrentPeriodStart))} AND ${escape(formatClickhouseDate(organization.subscriptionCurrentPeriodEnd))}`;
 
   const res = await chQuery<{ count: number }>(getSql());
   return res[0]?.count;