From 43e27762985c649e6e970cd6fd26ab4ff217d7d0 Mon Sep 17 00:00:00 2001
From: Alex Guerrieri <klaidliadon@gmail.com>
Date: Thu, 12 Feb 2026 15:32:52 +0100
Subject: [PATCH 1/2] Preserve column names in page

---
 page.go      |  3 +--
 page_test.go | 22 ++++++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/page.go b/page.go
index 7d39a48..1e00533 100644
--- a/page.go
+++ b/page.go
@@ -111,8 +111,7 @@ func (p *Page) SetDefaults(o *PaginatorSettings) {
 func (p *Page) GetOrder(columnFunc func(string) string, defaultSort ...string) []Sort {
 	var sorts []Sort
 	if p != nil && len(p.Sort) != 0 {
-		// use sort
-		sorts = p.Sort
+		sorts = append(sorts, p.Sort...) // copy to avoid modifying the original slice
 	}
 	// fall back to column
 	if len(sorts) == 0 {
diff --git a/page_test.go b/page_test.go
index 96b3cb4..993c55f 100644
--- a/page_test.go
+++ b/page_test.go
@@ -32,6 +32,9 @@ func TestPagination(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, `SELECT * FROM t ORDER BY "id" ASC LIMIT 3 OFFSET 0`, sql)
 	require.Empty(t, args)
+	// Verify page.Column and page.Sort are not modified
+	require.Empty(t, page.Column)
+	require.Len(t, page.Sort, 0)
 
 	result = paginator.PrepareResult(make([]T, 0), page)
 	require.Len(t, result, 0)
@@ -60,6 +63,9 @@ func TestInvalidSort(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, "SELECT * FROM t ORDER BY \"ID; DROP TABLE users;\" ASC, \"name\" DESC LIMIT 11 OFFSET 0", sql)
 	require.Empty(t, args)
+	// Verify columns in page.Sort are not quoted
+	require.Equal(t, "ID; DROP TABLE users;", page.Sort[0].Column)
+	require.Equal(t, "name", page.Sort[1].Column)
 }
 
 func TestPageColumnInjection(t *testing.T) {
@@ -73,6 +79,8 @@ func TestPageColumnInjection(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, "SELECT * FROM t ORDER BY \"id; DROP TABLE users;--\" ASC LIMIT 11 OFFSET 0", sql)
 	require.Empty(t, args)
+	// Verify column in page is not quoted
+	require.Equal(t, "id; DROP TABLE users;--", page.Column)
 }
 
 func TestPageColumnSpaces(t *testing.T) {
@@ -86,6 +94,8 @@ func TestPageColumnSpaces(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, "SELECT * FROM t ORDER BY \"id\" ASC, \"name\" ASC LIMIT 11 OFFSET 0", sql)
 	require.Empty(t, args)
+	// Verify column in page is not quoted
+	require.Equal(t, "id, name", page.Column)
 }
 
 func TestSortOrderInjection(t *testing.T) {
@@ -103,6 +113,10 @@ func TestSortOrderInjection(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, "SELECT * FROM t ORDER BY \"id\" ASC, \"name\" DESC, \"created_at\" ASC LIMIT 11 OFFSET 0", sql)
 	require.Empty(t, args)
+	// Verify columns in page.Sort are not quoted
+	require.Equal(t, "id", page.Sort[0].Column)
+	require.Equal(t, "name", page.Sort[1].Column)
+	require.Equal(t, "created_at", page.Sort[2].Column)
 }
 
 func TestPaginationEdgeCases(t *testing.T) {
@@ -180,6 +194,10 @@ func TestColumnFunc(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, `SELECT * FROM t ORDER BY "ID" ASC, "NAME" DESC, "created_at" ASC LIMIT 11 OFFSET 0`, sql)
 	require.Empty(t, args)
+	// Verify columns in page.Sort are not quoted
+	require.Equal(t, "id", page.Sort[0].Column)
+	require.Equal(t, "name", page.Sort[1].Column)
+	require.Equal(t, "created_at", page.Sort[2].Column)
 }
 
 func TestColumnFallbackUsesColumnFunc(t *testing.T) {
@@ -199,6 +217,8 @@ func TestColumnFallbackUsesColumnFunc(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, `SELECT * FROM t ORDER BY "NAME" ASC LIMIT 11 OFFSET 0`, sql)
 	require.Empty(t, args)
+	// Verify column in page is not quoted or transformed
+	require.Equal(t, "name", page.Column)
 }
 
 func TestSortTakesPrecedenceOverColumn(t *testing.T) {
@@ -218,6 +238,8 @@ func TestSortTakesPrecedenceOverColumn(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, `SELECT * FROM t ORDER BY "id" DESC LIMIT 11 OFFSET 0`, sql)
 	require.Empty(t, args)
+	// Verify sort column in page is not quoted
+	require.Equal(t, "id", page.Sort[0].Column)
 }
 
 func TestPaginationOffsetAndPageRecompute(t *testing.T) {

From fb306e5b63a408e0188fe3c145af13007b5489ac Mon Sep 17 00:00:00 2001
From: Alex Guerrieri <klaidliadon@gmail.com>
Date: Thu, 12 Feb 2026 15:53:54 +0100
Subject: [PATCH 2/2] refactor: use slices.Clone to copy Sort slice in GetOrder
 method

---
 page.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/page.go b/page.go
index 1e00533..d6fcd76 100644
--- a/page.go
+++ b/page.go
@@ -3,6 +3,7 @@ package pgkit
 import (
 	"fmt"
 	"regexp"
+	"slices"
 	"strings"
 
 	sq "github.com/Masterminds/squirrel"
@@ -111,7 +112,7 @@ func (p *Page) SetDefaults(o *PaginatorSettings) {
 func (p *Page) GetOrder(columnFunc func(string) string, defaultSort ...string) []Sort {
 	var sorts []Sort
 	if p != nil && len(p.Sort) != 0 {
-		sorts = append(sorts, p.Sort...) // copy to avoid modifying the original slice
+		sorts = slices.Clone(p.Sort)
 	}
 	// fall back to column
 	if len(sorts) == 0 {