Use `quote` method rather than single quotes to identifiers in SQL

Because identifiers in SQL could include a single quote.

Related #24950, #26784.

activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb

@@ -694,7 +694,7 @@ module ActiveRecord
             auto_increment: column.auto_increment?
           }
 
-          current_type = select_one("SHOW COLUMNS FROM #{quote_table_name(table_name)} LIKE '#{column_name}'", "SCHEMA")["Type"]
+          current_type = select_one("SHOW COLUMNS FROM #{quote_table_name(table_name)} LIKE #{quote(column_name)}", "SCHEMA")["Type"]
           td = create_table_definition(table_name)
           cd = td.new_column_definition(new_column_name, current_type, options)
           schema_creation.accept(ChangeColumnDefinition.new(cd, column.name))

activerecord/lib/active_record/connection_adapters/mysql/schema_dumper.rb

@@ -47,7 +47,7 @@ module ActiveRecord
           def schema_collation(column)
             if column.collation && table_name = column.table_name
               @table_collation_cache ||= {}
-              @table_collation_cache[table_name] ||= select_one("SHOW TABLE STATUS LIKE '#{table_name}'")["Collation"]
+              @table_collation_cache[table_name] ||= select_one("SHOW TABLE STATUS LIKE #{quote(table_name)}")["Collation"]
               column.collation.inspect if column.collation != @table_collation_cache[table_name]
             end
           end

activerecord/lib/active_record/connection_adapters/postgresql/database_statements.rb

@@ -147,6 +147,10 @@ module ActiveRecord
         end
 
         private
+          # Returns the current ID of a table's sequence.
+          def last_insert_id_result(sequence_name)
+            exec_query("SELECT currval(#{quote(sequence_name)})", "SQL")
+          end
 
           def suppress_composite_primary_key(pk)
             pk unless pk.is_a?(Array)

activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb

@@ -257,7 +257,7 @@ module ActiveRecord
         end
 
         def serial_sequence(table, column)
-          select_value("SELECT pg_get_serial_sequence('#{table}', '#{column}')", "SCHEMA")
+          select_value("SELECT pg_get_serial_sequence(#{quote(table)}, #{quote(column)})", "SCHEMA")
         end
 
         # Sets the sequence of a table's primary key to the specified value.
@@ -268,7 +268,7 @@ module ActiveRecord
             if sequence
               quoted_sequence = quote_table_name(sequence)
 
-              select_value("SELECT setval('#{quoted_sequence}', #{value})", "SCHEMA")
+              select_value("SELECT setval(#{quote(quoted_sequence)}, #{value})", "SCHEMA")
             else
               @logger.warn "#{table} has primary key #{pk} with no default sequence." if @logger
             end
@@ -293,14 +293,14 @@ module ActiveRecord
             max_pk = select_value("select MAX(#{quote_column_name pk}) from #{quote_table_name(table)}")
             if max_pk.nil?
               if postgresql_version >= 100000
-                minvalue = select_value("SELECT seqmin from pg_sequence where seqrelid = '#{quoted_sequence}'::regclass")
+                minvalue = select_value("SELECT seqmin from pg_sequence where seqrelid = #{quote(quoted_sequence)}::regclass")
               else
                 minvalue = select_value("SELECT min_value FROM #{quoted_sequence}")
               end
             end
 
             select_value(<<-end_sql, "SCHEMA")
-              SELECT setval('#{quoted_sequence}', #{max_pk ? max_pk : minvalue}, #{max_pk ? true : false})
+              SELECT setval(#{quote(quoted_sequence)}, #{max_pk ? max_pk : minvalue}, #{max_pk ? true : false})
             end_sql
           end
         end
@@ -325,7 +325,7 @@ module ActiveRecord
               AND seq.relnamespace  = nsp.oid
               AND cons.contype      = 'p'
               AND dep.classid       = 'pg_class'::regclass
-              AND dep.refobjid      = '#{quote_table_name(table)}'::regclass
+              AND dep.refobjid      = #{quote(quote_table_name(table))}::regclass
           end_sql
 
           if result.nil? || result.empty?
@@ -343,7 +343,7 @@ module ActiveRecord
               JOIN pg_attrdef     def  ON (adrelid = attrelid AND adnum = attnum)
               JOIN pg_constraint  cons ON (conrelid = adrelid AND adnum = conkey[1])
               JOIN pg_namespace   nsp  ON (t.relnamespace = nsp.oid)
-              WHERE t.oid = '#{quote_table_name(table)}'::regclass
+              WHERE t.oid = #{quote(quote_table_name(table))}::regclass
                 AND cons.contype = 'p'
                 AND pg_get_expr(def.adbin, def.adrelid) ~* 'nextval|uuid_generate'
             end_sql

activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb

@@ -723,11 +723,6 @@ module ActiveRecord
           end
         end
 
-        # Returns the current ID of a table's sequence.
-        def last_insert_id_result(sequence_name)
-          exec_query("SELECT currval('#{sequence_name}')", "SQL")
-        end
-
         # Returns the list of a table's column names, data types, and default values.
         #
         # The underlying query is roughly: