sql-string.js
2.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
'use strict';
/* jshint -W110 */
var dataTypes = require('./data-types')
, _ = require('lodash')
, SqlString = exports;
SqlString.escapeId = function(val, forbidQualified) {
if (forbidQualified) {
return '`' + val.replace(/`/g, '``') + '`';
}
return '`' + val.replace(/`/g, '``').replace(/\./g, '`.`') + '`';
};
SqlString.escape = function(val, timeZone, dialect, format) {
var prependN = false;
if (val === undefined || val === null) {
return 'NULL';
}
switch (typeof val) {
case 'boolean':
// SQLite doesn't have true/false support. MySQL aliases true/false to 1/0
// for us. Postgres actually has a boolean type with true/false literals,
// but sequelize doesn't use it yet.
if (dialect === 'sqlite' || dialect === 'mssql') {
return +!!val;
}
return '' + !!val;
case 'number':
return val + '';
case 'string':
// In mssql, prepend N to all quoted vals which are originally a string (for
// unicode compatibility)
prependN = dialect === 'mssql';
break;
}
if (val instanceof Date) {
val = dataTypes[dialect].DATE.prototype.stringify(val, { timezone: timeZone });
}
if (Buffer.isBuffer(val)) {
if (dataTypes[dialect].BLOB) {
return dataTypes[dialect].BLOB.prototype.stringify(val);
}
return dataTypes.BLOB.prototype.stringify(val);
}
if (Array.isArray(val)) {
var escape = _.partial(SqlString.escape, _, timeZone, dialect, format);
if (dialect === 'postgres' && !format) {
return dataTypes.ARRAY.prototype.stringify(val, {escape: escape});
}
return val.map(escape);
}
if (dialect === 'postgres' || dialect === 'sqlite' || dialect === 'mssql') {
// http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
// http://stackoverflow.com/q/603572/130598
val = val.replace(/'/g, "''");
} else {
val = val.replace(/[\0\n\r\b\t\\\'\"\x1a]/g, function(s) {
switch (s) {
case '\0': return '\\0';
case '\n': return '\\n';
case '\r': return '\\r';
case '\b': return '\\b';
case '\t': return '\\t';
case '\x1a': return '\\Z';
default: return '\\' + s;
}
});
}
return (prependN ? "N'" : "'") + val + "'";
};
SqlString.format = function(sql, values, timeZone, dialect) {
values = [].concat(values);
return sql.replace(/\?/g, function(match) {
if (!values.length) {
return match;
}
return SqlString.escape(values.shift(), timeZone, dialect, true);
});
};
SqlString.formatNamedParameters = function(sql, values, timeZone, dialect) {
return sql.replace(/\:+(?!\d)(\w+)/g, function(value, key) {
if ('postgres' === dialect && '::' === value.slice(0, 2)) {
return value;
}
if (values[key] !== undefined) {
return SqlString.escape(values[key], timeZone, dialect, true);
} else {
throw new Error('Named parameter "' + value + '" has no value in the given object.');
}
});
};