Comment 1 for bug 1765523

The proposed fix seems to be fixing it on the wrong end.

If I understand the situation correctly, Contrail is synthesizing a column name that includes user entered data. The user data should be escaped (similar to how user data should be handled to prevent SQL injection) so that characters that would have significance to the code are replaced with escape sequences that do not.