Use mysql.escape/escapeId()

Raymond Feng 2015-01-09 09:02:36 -08:00
parent 5b6bc9cf83
commit 7fe8306db2
1 changed files with 17 additions and 14 deletions


@ -171,7 +171,7 @@ MySQL.prototype.query = function (sql, callback) {
} }
if (self.settings.createDatabase) { if (self.settings.createDatabase) {
// Call USE db ... // Call USE db ...
connection.query('USE `' + db + '`', function (err) { connection.query('USE ' + client.escapeId(db), function (err) {
if (err) { if (err) {
if (err && err.message.match(/(^|: )unknown database/i)) { if (err && err.message.match(/(^|: )unknown database/i)) {
var charset = self.settings.charset; var charset = self.settings.charset;
@ -179,7 +179,7 @@ MySQL.prototype.query = function (sql, callback) {
var q = 'CREATE DATABASE ' + db + ' CHARACTER SET ' + charset + ' COLLATE ' + collation; var q = 'CREATE DATABASE ' + db + ' CHARACTER SET ' + charset + ' COLLATE ' + collation;
connection.query(q, function (err) { connection.query(q, function (err) {
if (!err) { if (!err) {
connection.query('USE `' + db + '`', function (err) { connection.query('USE ' + client.escapeId(db), function (err) {
runQuery(connection); runQuery(connection);
}); });
} else { } else {
@ -324,8 +324,7 @@ MySQL.prototype.toDatabase = function (prop, val, forCreate) {
return this.client.escape(val); return this.client.escape(val);
} }
if (prop.type === Number) { if (prop.type === Number) {
val = Number(val); return this.client.escape(val);
return isNaN(val) ? 'NULL' : val;
} }
if (prop.type === Date) { if (prop.type === Date) {
if (!val) { if (!val) {
@ -400,7 +399,7 @@ MySQL.prototype.fromDatabase = function (model, data) {
}; };
MySQL.prototype.escapeName = function (name) { MySQL.prototype.escapeName = function (name) {
return '`' + name.replace(/\./g, '`.`') + '`'; return this.client.escapeId(name);
}; };
MySQL.prototype.getColumns = function (model, props) { MySQL.prototype.getColumns = function (model, props) {
@ -771,7 +770,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
if (found) { if (found) {
actualize(propName, found); actualize(propName, found);
} else { } else {
sql.push('ADD COLUMN `' + propName + '` ' + self.propertySettingsSQL(model, propName)); sql.push('ADD COLUMN ' + self.client.escapeId(propName) + ' ' +
self.propertySettingsSQL(model, propName));
} }
}); });
@ -781,7 +781,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
var notFound = !~propNames.indexOf(f.Field); var notFound = !~propNames.indexOf(f.Field);
if (m.properties[f.Field] && self.id(model, f.Field)) return; if (m.properties[f.Field] && self.id(model, f.Field)) return;
if (notFound || !m.properties[f.Field]) { if (notFound || !m.properties[f.Field]) {
sql.push('DROP COLUMN `' + f.Field + '`'); sql.push('DROP COLUMN ' + self.client.escapeId(f.Field));
} }
}); });
} }
@ -790,7 +790,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
aiNames.forEach(function (indexName) { aiNames.forEach(function (indexName) {
if (indexName === 'PRIMARY' || (m.properties[indexName] && self.id(model, indexName))) return; if (indexName === 'PRIMARY' || (m.properties[indexName] && self.id(model, indexName))) return;
if (indexNames.indexOf(indexName) === -1 && !m.properties[indexName] || m.properties[indexName] && !m.properties[indexName].index) { if (indexNames.indexOf(indexName) === -1 && !m.properties[indexName] || m.properties[indexName] && !m.properties[indexName].index) {
sql.push('DROP INDEX `' + indexName + '`'); sql.push('DROP INDEX ' + self.client.escapeId(indexName));
} else { } else {
// first: check single (only type and kind) // first: check single (only type and kind)
if (m.properties[indexName] && !m.properties[indexName].index) { if (m.properties[indexName] && !m.properties[indexName].index) {
@ -805,7 +805,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
}); });
} }
if (!orderMatched) { if (!orderMatched) {
sql.push('DROP INDEX `' + indexName + '`'); sql.push('DROP INDEX ' + self.client.escapeId(indexName));
delete ai[indexName]; delete ai[indexName];
} }
} }
@ -819,6 +819,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
} }
var found = ai[propName] && ai[propName].info; var found = ai[propName] && ai[propName].info;
if (!found) { if (!found) {
var pName = self.client.escapeId(propName);
var type = ''; var type = '';
var kind = ''; var kind = '';
if (i.type) { if (i.type) {
@ -828,10 +829,10 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
// kind = i.kind; // kind = i.kind;
} }
if (kind && type) { if (kind && type) {
sql.push('ADD ' + kind + ' INDEX `' + propName + '` (`' + propName + '`) ' + type); sql.push('ADD ' + kind + ' INDEX ' + pName + ' (' + pName + ') ' + type);
} else { } else {
(typeof i === 'object' && i.unique && i.unique === true) && (kind = "UNIQUE"); (typeof i === 'object' && i.unique && i.unique === true) && (kind = "UNIQUE");
sql.push('ADD ' + kind + ' INDEX `' + propName + '` ' + type + ' (`' + propName + '`) '); sql.push('ADD ' + kind + ' INDEX ' + pName + ' ' + type + ' (' + pName + ') ');
} }
} }
}); });
@ -841,6 +842,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
var i = m.settings.indexes[indexName]; var i = m.settings.indexes[indexName];
var found = ai[indexName] && ai[indexName].info; var found = ai[indexName] && ai[indexName].info;
if (!found) { if (!found) {
var iName = self.client.escapeId(indexName);
var type = ''; var type = '';
var kind = ''; var kind = '';
if (i.type) { if (i.type) {
@ -850,9 +852,9 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
kind = i.kind; kind = i.kind;
} }
if (kind && type) { if (kind && type) {
sql.push('ADD ' + kind + ' INDEX `' + indexName + '` (' + i.columns + ') ' + type); sql.push('ADD ' + kind + ' INDEX ' + iName + ' (' + i.columns + ') ' + type);
} else { } else {
sql.push('ADD ' + kind + ' INDEX ' + type + ' `' + indexName + '` (' + i.columns + ')'); sql.push('ADD ' + kind + ' INDEX ' + type + ' ' + iName + ' (' + i.columns + ')');
} }
} }
}); });
@ -871,7 +873,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
function actualize(propName, oldSettings) { function actualize(propName, oldSettings) {
var newSettings = m.properties[propName]; var newSettings = m.properties[propName];
if (newSettings && changed(newSettings, oldSettings)) { if (newSettings && changed(newSettings, oldSettings)) {
sql.push('CHANGE COLUMN `' + propName + '` `' + propName + '` ' + var pName = self.client.escapeId(propName);
sql.push('CHANGE COLUMN ' + pName + ' ' + pName + ' ' +
self.propertySettingsSQL(model, propName)); self.propertySettingsSQL(model, propName));
} }
} }
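Review bot: In the toDatabase hunk (@ -324,8 +324,7), the Number branch now returns `this.client.escape(val)` without the `Number(val)` coercion and NaN check that the removed lines performed, so the value is escaped according to whatever runtime type the caller supplied rather than as a number. If escape() renders numbers by plain string conversion (worth confirming against the driver), NaN would reach the statement as a bare token instead of `NULL`, and a string or object passed for a Number property would no longer be forced to a numeric literal. Keeping the coercion and escaping its result preserves both properties: `val = Number(val);` followed by `return isNaN(val) ? 'NULL' : this.client.escape(val);`. Separately, the unchanged `'CREATE DATABASE ' + db + ...` line in the second hunk still concatenates `db` raw while the neighbouring `USE` statements now go through `client.escapeId(db)`; it should use `client.escapeId(db)` as well. toDatabase's body starts and ends outside its hunk.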