8000 Remove array escape behavior · mysqljs/sqlstring@9d7cb82 · GitHub
[go: up one dir, main page]
Skip to content

Commit 9d7cb82

Browse files
dougwilsondougwilson
committed
Remove array escape behavior
1 parent 0f7cdaf commit 9d7cb82

File tree

4 files changed

+7
-52
lines changed

4 files changed

+7
-52
lines changed

HISTORY.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
unreleased
22
==========
33

4+
* Remove array escape behavior
45
* Remove object key-value-pair escape behavior
56

67
2.3.3 / 2022-03-06

README.md

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -70,9 +70,6 @@ Different value types are escaped differently, here is how:
7070
* Date objects are converted to `'YYYY-mm-dd HH:ii:ss'` strings
7171
* Buffers are converted to hex strings, e.g. `X'0fa5'`
7272
* Strings are safely escaped
73-
* Arrays are turned into list, e.g. `['a', 'b']` turns into `'a', 'b'`
74-
* Nested arrays are turned into grouped lists (for bulk inserts), e.g. `[['a',
75-
'b'], ['c', 'd']]` turns into `('a', 'b'), ('c', 'd')`
7673
* Objects that have a `toSqlString` method will have `.toSqlString()` called
7774
and the returned value is used as the raw SQL.
7875
* `undefined` / `null` are converted to `NULL`
@@ -144,8 +141,7 @@ like to have escaped like this:
144141

145142
```js
146143
var userId = 1;
147-
var columns = ['username', 'email'];
148-
var sql = SqlString.format('SELECT ?? FROM ?? WHERE id = ?', [columns, 'users', userId]);
144+
var sql = SqlString.format('SELECT ??, ?? FROM ?? WHERE id = ?', ['username', 'email', 'users', userId]);
149145
console.log(sql); // SELECT `username`, `email` FROM `users` WHERE id = 1
150146
```
151147
**Please note that this last character sequence is experimental and syntax might change**

lib/SqlString.js

Lines changed: 1 addition & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -16,15 +16,7 @@ var CHARS_ESCAPE_MAP = {
1616
};
1717

1818
SqlString.escapeId = function escapeId(val, forbidQualified) {
19-
if (Array.isArray(val)) {
20-
var sql = '';
21-
22-
for (var i = 0; i < val.length; i++) {
23-
sql += (i === 0 ? '' : ', ') + SqlString.escapeId(val[i], forbidQualified);
24-
}
25-
26-
return sql;
27-
} else if (forbidQualified) {
19+
if (forbidQualified) {
2820
return '`' + String(val).replace(ID_GLOBAL_REGEXP, '``') + '`';
2921
} else {
3022
return '`' + String(val).replace(ID_GLOBAL_REGEXP, '``').replace(QUAL_GLOBAL_REGEXP, '`.`') + '`';
@@ -42,8 +34,6 @@ SqlString.escape = function escape(val, timeZone) {
4234
case 'object':
4335
if (Object.prototype.toString.call(val) === '[object Date]') {
4436
return SqlString.dateToString(val, timeZone || 'local');
45-
} else if (Array.isArray(val)) {
46-
return SqlString.arrayToList(val, timeZone);
4737
} else if (Buffer.isBuffer(val)) {
4838
return SqlString.bufferToString(val);
4939
} else if (typeof val.toSqlString === 'function') {
@@ -55,22 +45,6 @@ SqlString.escape = function escape(val, timeZone) {
5545
}
5646
};
5747

58-
SqlString.arrayToList = function arrayToList(array, timeZone) {
59-
var sql = '';
60-
61-
for (var i = 0; i < array.length; i++) {
62-
var val = array[i];
63-
64-
if (Array.isArray(val)) {
65-
sql += (i === 0 ? '' : ', ') + '(' + SqlString.arrayToList(val, timeZone) + ')';
66-
} else {
67-
sql += (i === 0 ? '' : ', ') + SqlString.escape(val, true, timeZone);
68-
}
69-
}
70-
71-
return sql;
72-
};
73-
7448
SqlString.format = function format(sql, values, stringifyObjects, timeZone) {
7549
if (values == null) {
7650
return sql;

test/unit/test-SqlString.js

Lines changed: 4 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -40,12 +40,8 @@ test('SqlString.escapeId', {
4040
assert.equal(SqlString.escapeId('id1.id2', true), '`id1.id2`');
4141
},
4242

43-
'arrays are turned into lists': function() {
44-
assert.equal(SqlString.escapeId(['a', 'b', 't.c']), '`a`, `b`, `t`.`c`');
45-
},
46-
47-
'nested arrays are flattened': function() {
48-
assert.equal(SqlString.escapeId(['a', ['b', ['t.c']]]), '`a`, `b`, `t`.`c`');
43+
'arrays are stringified and then escaped': function() {
44+
assert.equal(SqlString.escapeId(['a', 'b', 'c']), '`a,b,c`');
4945
}
5046
});
5147

@@ -84,20 +80,8 @@ test('SqlString.escape', {
8480
assert.equal(SqlString.escape({ toSqlString: function() { return 'CURRENT_TIMESTAMP()'; } }), 'CURRENT_TIMESTAMP()');
8581
},
8682

87-
'arrays are turned into lists': function() {
88-
assert.equal(SqlString.escape([1, 2, 'c']), "1, 2, 'c'");
89-
},
90-
91-
'nested arrays are turned into grouped lists': function() {
92-
assert.equal(SqlString.escape([[1, 2, 3], [4, 5, 6], ['a', 'b', {nested: true}]]), "(1, 2, 3), (4, 5, 6), ('a', 'b', '[object Object]')");
93-
},
94-
95-
'nested objects inside arrays are cast to strings': function() {
96-
assert.equal(SqlString.escape([1, {nested: true}, 2]), "1, '[object Object]', 2");
97-
},
98-
99-
'nested objects inside arrays use toString': function() {
100-
assert.equal(SqlString.escape([1, { toString: function() { return 'foo'; } }, 2]), "1, 'foo', 2");
83+
'arrays are stringified and escaped': function() {
84+
assert.equal(SqlString.escape([1, 2, 'c']), "'1,2,c'");
10185
},
10286

10387
'strings are quoted': function() {

0 commit comments

Comments
 (0)
0