
fix(django-google-spanner): escape backslashes in quote_value #17537

Open
saddamr3e wants to merge 1 commit into googleapis:main from saddamr3e:spanner-quote-value-escape

@saddamr3e

Contributor

DatabaseSchemaEditor.quote_value inlines string values into DDL (Spanner doesn't accept bind parameters in those positions) and escapes them with ANSI quote doubling. Cloud Spanner runs GoogleSQL, which escapes a quote with a backslash and treats the backslash itself as an escape character, so doubling is the wrong convention here. A plain apostrophe such as a default of O'Brien renders as 'O''Brien' and fails to parse, and a value that contains a backslash escapes the closing quote and runs off the end of the literal. With a crafted default like \' OR 1=1 -- the output becomes '\'' OR 1=1 -- ', where the \' is an escaped quote and the following quote closes the string, leaving OR 1=1 as live SQL. I noticed it because the generated-column and db_default paths a few lines up in the same file already escape the GoogleSQL way, while quote_value (and prepare_default, which calls it) still doubled. The change moves quote_value to the same backslash escaping so the value stays inside its literal.

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

@saddamr3e saddamr3e requested a review from a team as a code owner June 23, 2026 10:06
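
The two escaping conventions described in the pull request, side by side, as an added example that is not code from this pull request or from django-google-spanner. It quotes a few constructed values both ways and uses a simplified scanner (an assumption: single-quoted literals with backslash escapes only) to check whether each result is one complete literal; all function names are hypothetical.

```python
from __future__ import annotations


def quote_doubling(value: str) -> str:
    """ANSI convention: double each single quote (the behaviour being replaced)."""
    return "'" + value.replace("'", "''") + "'"


def quote_backslash(value: str) -> str:
    """GoogleSQL convention: escape backslashes first, then single quotes."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def split_literal(sql: str) -> tuple[str, str]:
    """Return (literal, trailing) for a single-quoted GoogleSQL string.

    A backslash escapes the next character; the first unescaped quote
    closes the literal. Simplified: no triple-quoted, raw or bytes literals.
    """
    if not sql.startswith("'"):
        raise ValueError("expected a single-quoted literal")
    i = 1
    while i < len(sql):
        if sql[i] == "\\":
            i += 2  # skip the escaped character
        elif sql[i] == "'":
            return sql[: i + 1], sql[i + 1:]
        else:
            i += 1
    raise ValueError("unterminated literal")


def stays_inside_literal(quoted: str) -> bool:
    """True only if the whole output is exactly one closed literal."""
    try:
        return split_literal(quoted)[1] == ""
    except ValueError:
        return False


# Constructed sample defaults, including the two from the description.
SAMPLES = ["O'Brien", "\\' OR 1=1 -- ", "C:\\temp\\", "plain"]


def audit(quote) -> dict[str, bool]:
    """Map each sample value to whether its quoted form is one literal."""
    return {value: stays_inside_literal(quote(value)) for value in SAMPLES}
```

`audit(quote_doubling)` flags every sample that contains a quote or a trailing backslash, while `audit(quote_backslash)` reports all four as contained.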

@gemini-code-assist gemini-code-assist Bot left a comment

Contributor

Code Review

This pull request updates the quote_value method in DatabaseSchemaEditor to correctly escape string values for Cloud Spanner (GoogleSQL) by using backslashes instead of doubling single quotes. It also adds corresponding unit tests to verify that backslashes and single quotes are properly escaped. There are no review comments, so I have no feedback to provide.
