1 | 'use strict';
|
2 |
|
3 | const dataTypes = require('./data-types');
|
4 | const { logger } = require('./utils/logger');
|
5 |
|
6 | function arrayToList(array, timeZone, dialect, format) {
|
7 | return array.reduce((sql, val, i) => {
|
8 | if (i !== 0) {
|
9 | sql += ', ';
|
10 | }
|
11 | if (Array.isArray(val)) {
|
12 | sql += `(${arrayToList(val, timeZone, dialect, format)})`;
|
13 | } else {
|
14 | sql += escape(val, timeZone, dialect, format);
|
15 | }
|
16 | return sql;
|
17 | }, '');
|
18 | }
|
19 | exports.arrayToList = arrayToList;
|
20 |
|
21 | function escape(val, timeZone, dialect, format) {
|
22 | let prependN = false;
|
23 | if (val === undefined || val === null) {
|
24 | return 'NULL';
|
25 | }
|
26 | switch (typeof val) {
|
27 | case 'boolean':
|
28 |
|
29 |
|
30 |
|
31 | if (dialect === 'sqlite' || dialect === 'mssql') {
|
32 | return +!!val;
|
33 | }
|
34 | return (!!val).toString();
|
35 | case 'number':
|
36 | return val.toString();
|
37 | case 'string':
|
38 |
|
39 |
|
40 | prependN = dialect === 'mssql';
|
41 | break;
|
42 | }
|
43 |
|
44 | if (val instanceof Date) {
|
45 | val = dataTypes[dialect].DATE.prototype.stringify(val, { timezone: timeZone });
|
46 | }
|
47 |
|
48 | if (Buffer.isBuffer(val)) {
|
49 | if (dataTypes[dialect].BLOB) {
|
50 | return dataTypes[dialect].BLOB.prototype.stringify(val);
|
51 | }
|
52 |
|
53 | return dataTypes.BLOB.prototype.stringify(val);
|
54 | }
|
55 |
|
56 | if (Array.isArray(val)) {
|
57 | const partialEscape = escVal => escape(escVal, timeZone, dialect, format);
|
58 | if (dialect === 'postgres' && !format) {
|
59 | return dataTypes.ARRAY.prototype.stringify(val, { escape: partialEscape });
|
60 | }
|
61 | return arrayToList(val, timeZone, dialect, format);
|
62 | }
|
63 |
|
64 | if (!val.replace) {
|
65 | throw new Error(`Invalid value ${logger.inspect(val)}`);
|
66 | }
|
67 |
|
68 | if (dialect === 'postgres' || dialect === 'sqlite' || dialect === 'mssql') {
|
69 |
|
70 |
|
71 | val = val.replace(/'/g, "''");
|
72 |
|
73 | if (dialect === 'postgres') {
|
74 |
|
75 | val = val.replace(/\0/g, '\\0');
|
76 | }
|
77 | } else {
|
78 |
|
79 | val = val.replace(/[\0\n\r\b\t\\'"\x1a]/g, s => {
|
80 | switch (s) {
|
81 | case '\0': return '\\0';
|
82 | case '\n': return '\\n';
|
83 | case '\r': return '\\r';
|
84 | case '\b': return '\\b';
|
85 | case '\t': return '\\t';
|
86 | case '\x1a': return '\\Z';
|
87 | default: return `\\${s}`;
|
88 | }
|
89 | });
|
90 | }
|
91 | return `${(prependN ? "N'" : "'") + val}'`;
|
92 | }
|
93 | exports.escape = escape;
|
94 |
|
95 | function format(sql, values, timeZone, dialect) {
|
96 | values = [].concat(values);
|
97 |
|
98 | if (typeof sql !== 'string') {
|
99 | throw new Error(`Invalid SQL string provided: ${sql}`);
|
100 | }
|
101 |
|
102 | return sql.replace(/\?/g, match => {
|
103 | if (!values.length) {
|
104 | return match;
|
105 | }
|
106 |
|
107 | return escape(values.shift(), timeZone, dialect, true);
|
108 | });
|
109 | }
|
110 | exports.format = format;
|
111 |
|
112 | function formatNamedParameters(sql, values, timeZone, dialect) {
|
113 | return sql.replace(/:+(?!\d)(\w+)/g, (value, key) => {
|
114 | if ('postgres' === dialect && '::' === value.slice(0, 2)) {
|
115 | return value;
|
116 | }
|
117 |
|
118 | if (values[key] !== undefined) {
|
119 | return escape(values[key], timeZone, dialect, true);
|
120 | }
|
121 | throw new Error(`Named parameter "${value}" has no value in the given object.`);
|
122 | });
|
123 | }
|
124 | exports.formatNamedParameters = formatNamedParameters;
|