From 7fe8306db2d93c5dd6649f5641616bbfbfb579b9 Mon Sep 17 00:00:00 2001
From: Raymond Feng
Date: Fri, 9 Jan 2015 09:02:36 -0800
Subject: [PATCH] Use mysql.escape/escapeId()

---
 lib/mysql.js | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/lib/mysql.js b/lib/mysql.js
index 7e8e680..0864a2e 100644
--- a/lib/mysql.js
+++ b/lib/mysql.js
@@ -171,7 +171,7 @@ MySQL.prototype.query = function (sql, callback) {
 }
 if (self.settings.createDatabase) {
 // Call USE db ...
- connection.query('USE `' + db + '`', function (err) {
+ connection.query('USE ' + client.escapeId(db), function (err) {
 if (err) {
 if (err && err.message.match(/(^|: )unknown database/i)) {
 var charset = self.settings.charset;
@@ -179,7 +179,7 @@ MySQL.prototype.query = function (sql, callback) {
 var q = 'CREATE DATABASE ' + db + ' CHARACTER SET ' + charset + ' COLLATE ' + collation;
 connection.query(q, function (err) {
 if (!err) {
- connection.query('USE `' + db + '`', function (err) {
+ connection.query('USE ' + client.escapeId(db), function (err) {
 runQuery(connection);
 });
 } else {
@@ -324,8 +324,7 @@ MySQL.prototype.toDatabase = function (prop, val, forCreate) {
 return this.client.escape(val);
 }
 if (prop.type === Number) {
- val = Number(val);
- return isNaN(val) ? 'NULL' : val;
+ return this.client.escape(val);
 }
 if (prop.type === Date) {
 if (!val) {
@@ -400,7 +399,7 @@ MySQL.prototype.fromDatabase = function (model, data) {
 };
 
 MySQL.prototype.escapeName = function (name) {
- return '`' + name.replace(/\./g, '`.`') + '`';
+ return this.client.escapeId(name);
 };
 
 MySQL.prototype.getColumns = function (model, props) {
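Review bot: The `CREATE DATABASE` statement on the first context line of this hunk still splices `db` in raw — `'CREATE DATABASE ' + db + ...` — while both `USE` statements around it now go through `client.escapeId(db)`, so a database name containing a backtick, a space or a reserved word is quoted in one statement and not the other, and the unknown-database recovery path is exactly where an unusual name reaches the server. Change it to `var q = 'CREATE DATABASE ' + client.escapeId(db) + ' CHARACTER SET ' + charset + ' COLLATE ' + collation;`. `charset` and `collation` are also concatenated unescaped; they cannot be backtick-quoted, so if they are settable by callers they should be checked against a known-good pattern (for example `/^[A-Za-z0-9_]+$/`) before being used. The enclosing `query` function starts and ends outside this hunk.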
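Review bot: Replacing `Number(val)` plus the `isNaN` check with `this.client.escape(val)` changes what reaches the database for `Number` properties: a non-numeric string such as `'abc'` used to be emitted as `NULL` and is now emitted as the quoted literal `'abc'`, and a numeric string like `'5'` now becomes the quoted `'5'` rather than the bare number `5`, so the comparison relies on MySQL's implicit string-to-number coercion. Keeping the coercion and escaping the result preserves the old contract while still going through the driver: `var n = Number(val); return isNaN(n) ? 'NULL' : this.client.escape(n);`. As far as I know the driver stringifies numbers as-is, so an actual `NaN` value passed to `escape` would presumably yield the bare token `NaN` rather than `NULL` — worth confirming against the installed mysql version. The enclosing `toDatabase` function starts and ends outside this hunk.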
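Review bot: The new `escapeName` silently depends on two properties of the driver's `escapeId` that the old one-liner made explicit: it still splits on `.` so a qualified `db.table` name is quoted part by part (presumably the default when no `forbidQualified` argument is passed), and, unlike the old `replace(/\./g, '`.`')`, it also doubles embedded backticks so a name can no longer close the quoting. A one-line comment above the return would stop the next maintainer from passing a second argument and breaking qualified names: `// escapeId() quotes each dot-separated part and doubles embedded backticks; do not pass forbidQualified`. This also means `escapeName` now requires `this.client` to be initialised before any schema helper calls it, which the connection setup outside this hunk should guarantee.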
@@ -771,7 +770,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 if (found) {
 actualize(propName, found);
 } else {
- sql.push('ADD COLUMN `' + propName + '` ' + self.propertySettingsSQL(model, propName));
+ sql.push('ADD COLUMN ' + self.client.escapeId(propName) + ' ' +
+ self.propertySettingsSQL(model, propName));
 }
 });
 
@@ -781,7 +781,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 var notFound = !~propNames.indexOf(f.Field);
 if (m.properties[f.Field] && self.id(model, f.Field)) return;
 if (notFound || !m.properties[f.Field]) {
- sql.push('DROP COLUMN `' + f.Field + '`');
+ sql.push('DROP COLUMN ' + self.client.escapeId(f.Field));
 }
 });
 }
@@ -790,7 +790,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 aiNames.forEach(function (indexName) {
 if (indexName === 'PRIMARY' || (m.properties[indexName] && self.id(model, indexName))) return;
 if (indexNames.indexOf(indexName) === -1 && !m.properties[indexName] || m.properties[indexName] && !m.properties[indexName].index) {
- sql.push('DROP INDEX `' + indexName + '`');
+ sql.push('DROP INDEX ' + self.client.escapeId(indexName));
 } else {
 // first: check single (only type and kind)
 if (m.properties[indexName] && !m.properties[indexName].index) {
@@ -805,7 +805,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 });
 }
 if (!orderMatched) {
- sql.push('DROP INDEX `' + indexName + '`');
+ sql.push('DROP INDEX ' + self.client.escapeId(indexName));
 delete ai[indexName];
 }
 }
@@ -819,6 +819,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 }
 var found = ai[propName] && ai[propName].info;
 if (!found) {
+ var pName = self.client.escapeId(propName);
 var type = '';
 var kind = '';
 if (i.type) {
@@ -828,10 +829,10 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 // kind = i.kind;
 }
 if (kind && type) {
- sql.push('ADD ' + kind + ' INDEX `' + propName + '` (`' + propName + '`) ' + type);
+ sql.push('ADD ' + kind + ' INDEX ' + pName + ' (' + pName + ') ' + type);
 } else {
 (typeof i === 'object' && i.unique && i.unique === true) && (kind = "UNIQUE");
- sql.push('ADD ' + kind + ' INDEX `' + propName + '` ' + type + ' (`' + propName + '`) ');
+ sql.push('ADD ' + kind + ' INDEX ' + pName + ' ' + type + ' (' + pName + ') ');
 }
 }
 });
@@ -841,6 +842,7 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 var i = m.settings.indexes[indexName];
 var found = ai[indexName] && ai[indexName].info;
 if (!found) {
+ var iName = self.client.escapeId(indexName);
 var type = '';
 var kind = '';
 if (i.type) {
@@ -850,9 +852,9 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 kind = i.kind;
 }
 if (kind && type) {
- sql.push('ADD ' + kind + ' INDEX `' + indexName + '` (' + i.columns + ') ' + type);
+ sql.push('ADD ' + kind + ' INDEX ' + iName + ' (' + i.columns + ') ' + type);
 } else {
- sql.push('ADD ' + kind + ' INDEX ' + type + ' `' + indexName + '` (' + i.columns + ')');
+ sql.push('ADD ' + kind + ' INDEX ' + type + ' ' + iName + ' (' + i.columns + ')');
 }
 }
 });
@@ -871,7 +873,8 @@ MySQL.prototype.alterTable = function (model, actualFields, actualIndexes, done,
 function actualize(propName, oldSettings) {
 var newSettings = m.properties[propName];
 if (newSettings && changed(newSettings, oldSettings)) {
- sql.push('CHANGE COLUMN `' + propName + '` `' + propName + '` ' +
+ var pName = self.client.escapeId(propName);
+ sql.push('CHANGE COLUMN ' + pName + ' ' + pName + ' ' +
 self.propertySettingsSQL(model, propName));
 }
 }
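Review bot: In the `@@ -850` hunk the index column list on both `sql.push` lines is still spliced raw — `' (' + i.columns + ')'` — so only the index name gained quoting while the column names in the same `ADD INDEX` statement did not; a column named like a reserved word (`order`, `key`) or containing a backtick still breaks or escapes the DDL. I cannot tell from here whether `i.columns` is an array or a comma-separated string, so a form that handles both would be `var cols = String(i.columns).split(',').map(function (c) { return self.client.escapeId(c.trim()); }).join(', ');` with `' (' + cols + ')'` replacing `' (' + i.columns + ')'` on both lines. `kind` (assigned from `i.kind` on the first context line) and `type` are SQL keywords that cannot be backtick-quoted, so they should be compared against a short allow-list of the keywords this code expects before being concatenated, since they come from model settings rather than from this file. The enclosing `alterTable` function starts and ends outside this hunk.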