Merge pull request #67 from strongloop/feature/tidy-up-escaping

Use mysql.escape/escapeId()
Raymond Feng 2015-01-09 09:20:35 -08:00
commit 8f1b5a3de2
1 changed files with 17 additions and 14 deletions


@ -171,7 +171,7 @@ MySQL.prototype.query = function (sql, callback) {
}
if (self.settings.createDatabase) {
// Call USE db ...
connection.query('USE `' + db + '`', function (err) {
connection.query('USE ' + client.escapeId(db), function (err) {
if (err) {
if (err && err.message.match(/(^|: )unknown database/i)) {
var charset = self.settings.charset;
@ -179,7 +179,7 @@ MySQL.prototype.query = function (sql, callback) {
var q = 'CREATE DATABASE ' + db + ' CHARACTER SET ' + charset + ' COLLATE ' + collation;
connection.query(q, function (err) {
if (!err) {
connection.query('USE `' + db + '`', function (err) {
connection.query('USE ' + client.escapeId(db), function (err) {
runQuery(connection);
});
} else {
@ -324,8 +324,7 @@ MySQL.prototype.toDatabase = function (prop, val, forCreate) {
return this.client.escape(val);
}
if (prop.type === Number) {
val = Number(val);
return isNaN(val) ? 'NULL' : val;
return this.client.escape(val);
}
if (prop.type === Date) {
if (!val) {
@ -400,7 +399,7 @@ MySQL.prototype.fromDatabase = function (model, data) {
};
MySQL.prototype.escapeName = function (name) {
return '`' + name.replace(/\./g, '`.`') + '`';
return this.client.escapeId(name);
};
MySQL.prototype.getColumns = function (model, props) {
@ -771,7 +770,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
if (found) {
actualize(propName, found);
} else {
sql.push('ADD COLUMN `' + propName + '` ' + self.propertySettingsSQL(model, propName));
sql.push('ADD COLUMN ' + self.client.escapeId(propName) + ' ' +
self.propertySettingsSQL(model, propName));
}
});
@ -781,7 +781,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
var notFound = !~propNames.indexOf(f.Field);
if (m.properties[f.Field] && self.id(model, f.Field)) return;
if (notFound || !m.properties[f.Field]) {
sql.push('DROP COLUMN `' + f.Field + '`');
sql.push('DROP COLUMN ' + self.client.escapeId(f.Field));
}
});
}
@ -790,7 +790,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
aiNames.forEach(function (indexName) {
if (indexName === 'PRIMARY' || (m.properties[indexName] && self.id(model, indexName))) return;
if (indexNames.indexOf(indexName) === -1 && !m.properties[indexName] || m.properties[indexName] && !m.properties[indexName].index) {
sql.push('DROP INDEX `' + indexName + '`');
sql.push('DROP INDEX ' + self.client.escapeId(indexName));
} else {
// first: check single (only type and kind)
if (m.properties[indexName] && !m.properties[indexName].index) {
@ -805,7 +805,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
});
}
if (!orderMatched) {
sql.push('DROP INDEX `' + indexName + '`');
sql.push('DROP INDEX ' + self.client.escapeId(indexName));
delete ai[indexName];
}
}
@ -819,6 +819,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
}
var found = ai[propName] && ai[propName].info;
if (!found) {
var pName = self.client.escapeId(propName);
var type = '';
var kind = '';
if (i.type) {
@ -828,10 +829,10 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
// kind = i.kind;
}
if (kind && type) {
sql.push('ADD ' + kind + ' INDEX `' + propName + '` (`' + propName + '`) ' + type);
sql.push('ADD ' + kind + ' INDEX ' + pName + ' (' + pName + ') ' + type);
} else {
(typeof i === 'object' && i.unique && i.unique === true) && (kind = "UNIQUE");
sql.push('ADD ' + kind + ' INDEX `' + propName + '` ' + type + ' (`' + propName + '`) ');
sql.push('ADD ' + kind + ' INDEX ' + pName + ' ' + type + ' (' + pName + ') ');
}
}
});
@ -841,6 +842,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
var i = m.settings.indexes[indexName];
var found = ai[indexName] && ai[indexName].info;
if (!found) {
var iName = self.client.escapeId(indexName);
var type = '';
var kind = '';
if (i.type) {
@ -850,9 +852,9 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
kind = i.kind;
}
if (kind && type) {
sql.push('ADD ' + kind + ' INDEX `' + indexName + '` (' + i.columns + ') ' + type);
sql.push('ADD ' + kind + ' INDEX ' + iName + ' (' + i.columns + ') ' + type);
} else {
sql.push('ADD ' + kind + ' INDEX ' + type + ' `' + indexName + '` (' + i.columns + ')');
sql.push('ADD ' + kind + ' INDEX ' + type + ' ' + iName + ' (' + i.columns + ')');
}
}
});
@ -871,7 +873,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
function actualize(propName, oldSettings) {
var newSettings = m.properties[propName];
if (newSettings && changed(newSettings, oldSettings)) {
sql.push('CHANGE COLUMN `' + propName + '` `' + propName + '` ' +
var pName = self.client.escapeId(propName);
sql.push('CHANGE COLUMN ' + pName + ' ' + pName + ' ' +
self.propertySettingsSQL(model, propName));
}
}
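Review bot: In the `prop.type === Number` branch of toDatabase (hunk at -324), replacing the coercion with `return this.client.escape(val);` means the value is no longer forced to a number: escape() leaves NaN as-is, which MySQL rejects, quotes strings as string literals, and expands arrays and objects into lists or `key = value` fragments instead of a single scalar. If val can arrive from request data (not visible in this hunk), the Number property loses the type guarantee the old code gave it. Keeping the coercion and escaping the result would preserve it: `val = Number(val);` followed by `return isNaN(val) ? 'NULL' : this.client.escape(val);`. Separately, the context line in the -179 hunk still builds `'CREATE DATABASE ' + db` without `client.escapeId(db)`, unlike the two USE statements this commit fixes. Both enclosing functions start and end outside their hunks.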