Use mysql.escape/escapeId()
parent
5b6bc9cf83
commit
7fe8306db2
31
lib/mysql.js
31
lib/mysql.js
|
@ -171,7 +171,7 @@ MySQL.prototype.query = function (sql, callback) {
|
|||
}
|
||||
if (self.settings.createDatabase) {
|
||||
// Call USE db ...
|
||||
connection.query('USE `' + db + '`', function (err) {
|
||||
connection.query('USE ' + client.escapeId(db), function (err) {
|
||||
if (err) {
|
||||
if (err && err.message.match(/(^|: )unknown database/i)) {
|
||||
var charset = self.settings.charset;
|
||||
|
@ -179,7 +179,7 @@ MySQL.prototype.query = function (sql, callback) {
|
|||
var q = 'CREATE DATABASE ' + db + ' CHARACTER SET ' + charset + ' COLLATE ' + collation;
|
||||
connection.query(q, function (err) {
|
||||
if (!err) {
|
||||
connection.query('USE `' + db + '`', function (err) {
|
||||
connection.query('USE ' + client.escapeId(db), function (err) {
|
||||
runQuery(connection);
|
||||
});
|
||||
} else {
|
||||
|
@ -324,8 +324,7 @@ MySQL.prototype.toDatabase = function (prop, val, forCreate) {
|
|||
return this.client.escape(val);
|
||||
}
|
||||
if (prop.type === Number) {
|
||||
val = Number(val);
|
||||
return isNaN(val) ? 'NULL' : val;
|
||||
return this.client.escape(val);
|
||||
}
|
||||
if (prop.type === Date) {
|
||||
if (!val) {
|
||||
|
@ -400,7 +399,7 @@ MySQL.prototype.fromDatabase = function (model, data) {
|
|||
};
|
||||
|
||||
MySQL.prototype.escapeName = function (name) {
|
||||
return '`' + name.replace(/\./g, '`.`') + '`';
|
||||
return this.client.escapeId(name);
|
||||
};
|
||||
|
||||
MySQL.prototype.getColumns = function (model, props) {
|
||||
|
@ -771,7 +770,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
if (found) {
|
||||
actualize(propName, found);
|
||||
} else {
|
||||
sql.push('ADD COLUMN `' + propName + '` ' + self.propertySettingsSQL(model, propName));
|
||||
sql.push('ADD COLUMN ' + self.client.escapeId(propName) + ' ' +
|
||||
self.propertySettingsSQL(model, propName));
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -781,7 +781,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
var notFound = !~propNames.indexOf(f.Field);
|
||||
if (m.properties[f.Field] && self.id(model, f.Field)) return;
|
||||
if (notFound || !m.properties[f.Field]) {
|
||||
sql.push('DROP COLUMN `' + f.Field + '`');
|
||||
sql.push('DROP COLUMN ' + self.client.escapeId(f.Field));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
@ -790,7 +790,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
aiNames.forEach(function (indexName) {
|
||||
if (indexName === 'PRIMARY' || (m.properties[indexName] && self.id(model, indexName))) return;
|
||||
if (indexNames.indexOf(indexName) === -1 && !m.properties[indexName] || m.properties[indexName] && !m.properties[indexName].index) {
|
||||
sql.push('DROP INDEX `' + indexName + '`');
|
||||
sql.push('DROP INDEX ' + self.client.escapeId(indexName));
|
||||
} else {
|
||||
// first: check single (only type and kind)
|
||||
if (m.properties[indexName] && !m.properties[indexName].index) {
|
||||
|
@ -805,7 +805,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
});
|
||||
}
|
||||
if (!orderMatched) {
|
||||
sql.push('DROP INDEX `' + indexName + '`');
|
||||
sql.push('DROP INDEX ' + self.client.escapeId(indexName));
|
||||
delete ai[indexName];
|
||||
}
|
||||
}
|
||||
|
@ -819,6 +819,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
}
|
||||
var found = ai[propName] && ai[propName].info;
|
||||
if (!found) {
|
||||
var pName = self.client.escapeId(propName);
|
||||
var type = '';
|
||||
var kind = '';
|
||||
if (i.type) {
|
||||
|
@ -828,10 +829,10 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
// kind = i.kind;
|
||||
}
|
||||
if (kind && type) {
|
||||
sql.push('ADD ' + kind + ' INDEX `' + propName + '` (`' + propName + '`) ' + type);
|
||||
sql.push('ADD ' + kind + ' INDEX ' + pName + ' (' + pName + ') ' + type);
|
||||
} else {
|
||||
(typeof i === 'object' && i.unique && i.unique === true) && (kind = "UNIQUE");
|
||||
sql.push('ADD ' + kind + ' INDEX `' + propName + '` ' + type + ' (`' + propName + '`) ');
|
||||
sql.push('ADD ' + kind + ' INDEX ' + pName + ' ' + type + ' (' + pName + ') ');
|
||||
}
|
||||
}
|
||||
});
|
||||
|
@ -841,6 +842,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
var i = m.settings.indexes[indexName];
|
||||
var found = ai[indexName] && ai[indexName].info;
|
||||
if (!found) {
|
||||
var iName = self.client.escapeId(indexName);
|
||||
var type = '';
|
||||
var kind = '';
|
||||
if (i.type) {
|
||||
|
@ -850,9 +852,9 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
kind = i.kind;
|
||||
}
|
||||
if (kind && type) {
|
||||
sql.push('ADD ' + kind + ' INDEX `' + indexName + '` (' + i.columns + ') ' + type);
|
||||
sql.push('ADD ' + kind + ' INDEX ' + iName + ' (' + i.columns + ') ' + type);
|
||||
} else {
|
||||
sql.push('ADD ' + kind + ' INDEX ' + type + ' `' + indexName + '` (' + i.columns + ')');
|
||||
sql.push('ADD ' + kind + ' INDEX ' + type + ' ' + iName + ' (' + i.columns + ')');
|
||||
}
|
||||
}
|
||||
});
|
||||
|
@ -871,7 +873,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
|
|||
function actualize(propName, oldSettings) {
|
||||
var newSettings = m.properties[propName];
|
||||
if (newSettings && changed(newSettings, oldSettings)) {
|
||||
sql.push('CHANGE COLUMN `' + propName + '` `' + propName + '` ' +
|
||||
var pName = self.client.escapeId(propName);
|
||||
sql.push('CHANGE COLUMN ' + pName + ' ' + pName + ' ' +
|
||||
self.propertySettingsSQL(model, propName));
|
||||
}
|
||||
}
|
||||
|
|
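Review bot: In the `toDatabase` hunk the `Number` branch appears to lose its numeric coercion: as far as the rendered page shows, `val = Number(val); return isNaN(val) ? 'NULL' : val;` is replaced by `return this.client.escape(val);`, so the value is no longer forced to a number before it is formatted into the SQL text. `escape()` formats by runtime type, so a string is emitted as a quoted string literal, and the mysql driver's documented escaping renders arrays as comma-separated lists and plain objects as `key = value` pairs. A non-scalar value arriving for a Number property (for example from a parsed JSON body) therefore no longer collapses to a single number or `NULL`. I would keep the coercion and escape its result: `val = Number(val); return isNaN(val) ? 'NULL' : this.client.escape(val);`. The body of `toDatabase` starts and continues outside the hunk, so an earlier guard may already narrow `val`; that is worth confirming before merging.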