UNPKG

sequelize/lib/sql-string.js

Version:

3.59 kBJavaScriptView Raw

1'use strict';
2
3const dataTypes = require('./data-types');
4const { logger } = require('./utils/logger');
5
6function arrayToList(array, timeZone, dialect, format) {
return array.reduce((sql, val, i) => {
  if (i !== 0) {
    sql += ', ';
  }
  if (Array.isArray(val)) {
    sql += `(${arrayToList(val, timeZone, dialect, format)})`;
  } else {
    sql += escape(val, timeZone, dialect, format);
  }
  return sql;
}, '');
18}
19exports.arrayToList = arrayToList;
20
21function escape(val, timeZone, dialect, format) {
let prependN = false;
if (val === undefined || val === null) {
  return 'NULL';
}
switch (typeof val) {
  case 'boolean':
  // SQLite doesn't have true/false support. MySQL aliases true/false to 1/0
  // for us. Postgres actually has a boolean type with true/false literals,
  // but sequelize doesn't use it yet.
    if (dialect === 'sqlite' || dialect === 'mssql') {
      return +!!val;
    }
    return (!!val).toString();
  case 'number':
    return val.toString();
  case 'string':
  // In mssql, prepend N to all quoted vals which are originally a string (for
  // unicode compatibility)
    prependN = dialect === 'mssql';
    break;
}
43
if (val instanceof Date) {
  val = dataTypes[dialect].DATE.prototype.stringify(val, { timezone: timeZone });
}
47
if (Buffer.isBuffer(val)) {
  if (dataTypes[dialect].BLOB) {
    return dataTypes[dialect].BLOB.prototype.stringify(val);
  }
52
  return dataTypes.BLOB.prototype.stringify(val);
}
55
if (Array.isArray(val)) {
  const partialEscape = escVal => escape(escVal, timeZone, dialect, format);
  if (dialect === 'postgres' && !format) {
    return dataTypes.ARRAY.prototype.stringify(val, { escape: partialEscape });
  }
  return arrayToList(val, timeZone, dialect, format);
}
63
if (!val.replace) {
  throw new Error(`Invalid value ${logger.inspect(val)}`);
}
67
if (dialect === 'postgres' || dialect === 'sqlite' || dialect === 'mssql') {
  // http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
  // http://stackoverflow.com/q/603572/130598
  val = val.replace(/'/g, "''");
72
  if (dialect === 'postgres') {
    // null character is not allowed in Postgres
    val = val.replace(/\0/g, '\\0');
  }
} else {
  // eslint-disable-next-line no-control-regex
  val = val.replace(/[\0\n\r\b\t\\'"\x1a]/g, s => {
    switch (s) {
      case '\0': return '\\0';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\b': return '\\b';
      case '\t': return '\\t';
      case '\x1a': return '\\Z';
      default: return `\\${s}`;
    }
  });
}
return `${(prependN ? "N'" : "'") + val}'`;
92}
93exports.escape = escape;
94
95function format(sql, values, timeZone, dialect) {
values = [].concat(values);
97
if (typeof sql !== 'string') {
  throw new Error(`Invalid SQL string provided: ${sql}`);
}
101
return sql.replace(/\?/g, match => {
  if (!values.length) {
    return match;
  }
106
  return escape(values.shift(), timeZone, dialect, true);
});
109}
110exports.format = format;
111
112function formatNamedParameters(sql, values, timeZone, dialect) {
return sql.replace(/:+(?!\d)(\w+)/g, (value, key) => {
  if ('postgres' === dialect && '::' === value.slice(0, 2)) {
    return value;
  }
117
  if (values[key] !== undefined) {
    return escape(values[key], timeZone, dialect, true);
  }
  throw new Error(`Named parameter "${value}" has no value in the given object.`);
});
123}
124exports.formatNamedParameters = formatNamedParameters;

1	`'use strict';`
2
3	`const dataTypes = require('./data-types');`
4	`const { logger } = require('./utils/logger');`
5
6	`function arrayToList(array, timeZone, dialect, format) {`
7	`return array.reduce((sql, val, i) => {`
8	`if (i !== 0) {`
9	`sql += ', ';`
10	`}`
11	`if (Array.isArray(val)) {`
12	sql += `(${arrayToList(val, timeZone, dialect, format)})`;
13	`} else {`
14	`sql += escape(val, timeZone, dialect, format);`
15	`}`
16	`return sql;`
17	`}, '');`
18	`}`
19	`exports.arrayToList = arrayToList;`
20
21	`function escape(val, timeZone, dialect, format) {`
22	`let prependN = false;`
23	`if (val === undefined \|\| val === null) {`
24	`return 'NULL';`
25	`}`
26	`switch (typeof val) {`
27	`case 'boolean':`
28	`// SQLite doesn't have true/false support. MySQL aliases true/false to 1/0`
29	`// for us. Postgres actually has a boolean type with true/false literals,`
30	`// but sequelize doesn't use it yet.`
31	`if (dialect === 'sqlite' \|\| dialect === 'mssql') {`
32	`return +!!val;`
33	`}`
34	`return (!!val).toString();`
35	`case 'number':`
36	`return val.toString();`
37	`case 'string':`
38	`// In mssql, prepend N to all quoted vals which are originally a string (for`
39	`// unicode compatibility)`
40	`prependN = dialect === 'mssql';`
41	`break;`
42	`}`
43
44	`if (val instanceof Date) {`
45	`val = dataTypes[dialect].DATE.prototype.stringify(val, { timezone: timeZone });`
46	`}`
47
48	`if (Buffer.isBuffer(val)) {`
49	`if (dataTypes[dialect].BLOB) {`
50	`return dataTypes[dialect].BLOB.prototype.stringify(val);`
51	`}`
52
53	`return dataTypes.BLOB.prototype.stringify(val);`
54	`}`
55
56	`if (Array.isArray(val)) {`
57	`const partialEscape = escVal => escape(escVal, timeZone, dialect, format);`
58	`if (dialect === 'postgres' && !format) {`
59	`return dataTypes.ARRAY.prototype.stringify(val, { escape: partialEscape });`
60	`}`
61	`return arrayToList(val, timeZone, dialect, format);`
62	`}`
63
64	`if (!val.replace) {`
65	throw new Error(`Invalid value ${logger.inspect(val)}`);
66	`}`
67
68	`if (dialect === 'postgres' \|\| dialect === 'sqlite' \|\| dialect === 'mssql') {`
69	`// http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS`
70	`// http://stackoverflow.com/q/603572/130598`
71	`val = val.replace(/'/g, "''");`
72
73	`if (dialect === 'postgres') {`
74	`// null character is not allowed in Postgres`
75	`val = val.replace(/\0/g, '\\0');`
76	`}`
77	`} else {`
78	`// eslint-disable-next-line no-control-regex`
79	`val = val.replace(/[\0\n\r\b\t\\'"\x1a]/g, s => {`
80	`switch (s) {`
81	`case '\0': return '\\0';`
82	`case '\n': return '\\n';`
83	`case '\r': return '\\r';`
84	`case '\b': return '\\b';`
85	`case '\t': return '\\t';`
86	`case '\x1a': return '\\Z';`
87	default: return `\\${s}`;
88	`}`
89	`});`
90	`}`
91	return `${(prependN ? "N'" : "'") + val}'`;
92	`}`
93	`exports.escape = escape;`
94
95	`function format(sql, values, timeZone, dialect) {`
96	`values = [].concat(values);`
97
98	`if (typeof sql !== 'string') {`
99	throw new Error(`Invalid SQL string provided: ${sql}`);
100	`}`
101
102	`return sql.replace(/\?/g, match => {`
103	`if (!values.length) {`
104	`return match;`
105	`}`
106
107	`return escape(values.shift(), timeZone, dialect, true);`
108	`});`
109	`}`
110	`exports.format = format;`
111
112	`function formatNamedParameters(sql, values, timeZone, dialect) {`
113	`return sql.replace(/:+(?!\d)(\w+)/g, (value, key) => {`
114	`if ('postgres' === dialect && '::' === value.slice(0, 2)) {`
115	`return value;`
116	`}`
117
118	`if (values[key] !== undefined) {`
119	`return escape(values[key], timeZone, dialect, true);`
120	`}`
121	throw new Error(`Named parameter "${value}" has no value in the given object.`);
122	`});`
123	`}`
124	`exports.formatNamedParameters = formatNamedParameters;`