From 2e29cdaad44adca072acc1346115598ab6bbe73e Mon Sep 17 00:00:00 2001
From: pseudobeer
Date: Sun, 3 Jul 2016 19:05:27 +0900
Subject: [PATCH 1/3] Fixed quotation of numbers inside prepared statements Addressing issue https://github.com/mscdex/node-mariasql/issues/94 Checks if item is an integer, and if so returns it without adding quotations. Fixes OFFSET, LIMIT and other keywords that take integers in prepared statements.
---
 lib/Client.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/Client.js b/lib/Client.js
index cdef046..638dd26 100644
--- a/lib/Client.js
+++ b/lib/Client.js
@@ -652,6 +652,8 @@ Client.prototype._format_value = function(v) {
 for (var i = 0, len = v.length; i < len; ++i)
 r.push(this._format_value(v[i]));
 return r.join(',');
+ } else if (Number.isInteger(v)) {
+ return v;
 } else if (v !== null && v !== undefined)
 return "'" + Client.escape(v + '') + "'";
From c8bdccdb544670fb534e3548fc89a7453b329249 Mon Sep 17 00:00:00 2001
From: pseudobeer
Date: Sun, 3 Jul 2016 19:51:50 +0900
Subject: [PATCH 2/3] Fixed build failing on isInteger method
---
 lib/Client.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Client.js b/lib/Client.js
index 638dd26..a1db5ff 100644
--- a/lib/Client.js
+++ b/lib/Client.js
@@ -652,7 +652,7 @@ Client.prototype._format_value = function(v) {
 for (var i = 0, len = v.length; i < len; ++i)
 r.push(this._format_value(v[i]));
 return r.join(',');
- } else if (Number.isInteger(v)) {
+ } else if ((v ^ 0) === v) {
 return v;
 } else if (v !== null && v !== undefined)
 return "'" + Client.escape(v + '') + "'";
From fde76bc9bfb660eea6daf1f8f6bd6176d0c5b3c4 Mon Sep 17 00:00:00 2001
From: pseudobeer
Date: Sun, 3 Jul 2016 20:13:17 +0900
Subject: [PATCH 3/3] Fixed tests Integer tests should pass assertions on strings without quotes, string tests should have quotes.
---
 test/test.js | 58 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 51 insertions(+), 7 deletions(-)
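Review bot: In the [PATCH 1/3] hunk of lib/Client.js, the new branch of `_format_value` emits a bare numeric literal for integer values, and the [PATCH 2/3] hunk keeps that, which changes how the server compares the parameter. MySQL and MariaDB compare a string column with a numeric literal numerically, so `col = 0` can match rows that `col = '0'` does not. This matters wherever a bound value comes from decoded JSON and its type is not fixed by the caller. I would state the contract on the branch, e.g. `// Integers are emitted unquoted (needed for LIMIT/OFFSET); callers must type-check values that are compared against string columns.` The function body starts and ends outside the hunk.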
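Review bot: In the [PATCH 2/3] hunk, `(v ^ 0) === v` holds only for numbers inside the signed 32-bit range, because `^` truncates its operands to int32. A larger integer, such as a BIGINT id or a millisecond timestamp, still falls through to the quoted branch, so the same parameter is formatted as a number or as a string depending on its magnitude. A check that also runs where `Number.isInteger` is missing is `} else if (typeof v === 'number' && isFinite(v) && Math.floor(v) === v) {`. Returning `'' + v` instead of `v` would keep the return value a string in every branch visible here; the enclosing function starts outside the hunk.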
diff --git a/test/test.js b/test/test.js index b6ace60..e650aec 100644 --- a/test/test.js +++ b/test/test.js @@ -35,22 +35,40 @@ var tests = [ var client = new Client(); var fn; fn = client.prepare("SELECT * FROM foo WHERE id = '123'"); - assert.strictEqual(fn({ id: 456 }), + assert.strictEqual(fn({ id: '456' }), "SELECT * FROM foo WHERE id = '123'"); fn = client.prepare("SELECT * FROM foo WHERE id = :id"); - assert.strictEqual(fn({ id: 123 }), + assert.strictEqual(fn({ id: '123' }), "SELECT * FROM foo WHERE id = '123'"); - assert.strictEqual(fn({ id: 456 }), + assert.strictEqual(fn({ id: '456' }), "SELECT * FROM foo WHERE id = '456'"); fn = client.prepare("SELECT * FROM foo WHERE id = ?"); - assert.strictEqual(fn([123]), + assert.strictEqual(fn(['123']), "SELECT * FROM foo WHERE id = '123'"); - assert.strictEqual(fn([456]), + assert.strictEqual(fn(['456']), "SELECT * FROM foo WHERE id = '456'"); fn = client.prepare("SELECT * FROM foo WHERE id = :0 AND name = :1"); assert.strictEqual(fn(['123', 'baz']), "SELECT * FROM foo WHERE id = '123' AND name = 'baz'"); + // Integer parsing cases + fn = client.prepare("SELECT * FROM foo WHERE id = 123"); + assert.strictEqual(fn({ id: 456 }), + "SELECT * FROM foo WHERE id = 123"); + fn = client.prepare("SELECT * FROM foo WHERE id = :id"); + assert.strictEqual(fn({ id: 123 }), + "SELECT * FROM foo WHERE id = 123"); + assert.strictEqual(fn({ id: 456 }), + "SELECT * FROM foo WHERE id = 456"); + fn = client.prepare("SELECT * FROM foo WHERE id = ?"); + assert.strictEqual(fn([123]), + "SELECT * FROM foo WHERE id = 123"); + assert.strictEqual(fn([456]), + "SELECT * FROM foo WHERE id = 456"); + fn = client.prepare("SELECT * FROM foo WHERE id = :0 AND name = :1"); + assert.strictEqual(fn([123, 'baz']), + "SELECT * FROM foo WHERE id = 123 AND name = 'baz'"); + // Edge cases fn = client.prepare("SELECT * FROM foo WHERE id = :id" + " AND first = ? AND last = ? AND middle = '?'"); 
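Review bot: The integer cases added in this hunk, and the "Edge cases with integers" block in the next hunk, bind only 123 and 456, so they do not pin the boundaries of the `(v ^ 0) === v` check in lib/Client.js. I would add assertions for a negative integer, a non-integer such as `1.5`, and an integer above 2147483647, so the quoted or unquoted result for each is explicit. `0` deserves its own case, e.g. `assert.strictEqual(fn([0]), "SELECT * FROM foo WHERE id = 0");`, because `_format_value` now returns it as a falsy number and the caller's handling is not visible here. A string parameter containing a quote character would also confirm that string input is still escaped and quoted.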
@@ -76,6 +94,32 @@ var tests = [ "SELECT * FROM foo WHERE id = '123'" + " AND first = 'foo' AND last = '?'" + " AND middle = '?'"); + + // Edge cases with integers + fn = client.prepare("SELECT * FROM foo WHERE id = :id" + + " AND first = ? AND last = ? AND middle = '?'"); + assert.strictEqual(fn(appendProps(['foo', 'bar', 'baz'], { id: 123 })), + "SELECT * FROM foo WHERE id = 123" + + " AND first = 'foo' AND last = 'bar'" + + " AND middle = '?'"); + fn = client.prepare("SELECT * FROM foo WHERE id = :id" + + " AND first = ? AND last = '?' AND middle = ?"); + assert.strictEqual(fn(appendProps(['foo', 'bar', 'baz'], { id: 123 })), + "SELECT * FROM foo WHERE id = 123" + + " AND first = 'foo' AND last = '?'" + + " AND middle = 'bar'"); + fn = client.prepare("SELECT * FROM foo WHERE id = :id" + + " AND first = '?' AND last = '?' AND middle = ?"); + assert.strictEqual(fn(appendProps(['foo', 'bar', 'baz'], { id: 123 })), + "SELECT * FROM foo WHERE id = 123" + + " AND first = '?' AND last = '?'" + + " AND middle = 'foo'"); + fn = client.prepare("SELECT * FROM foo WHERE id = :id" + + " AND first = ? AND last = '?' AND middle = '?'"); + assert.strictEqual(fn(appendProps(['foo', 'bar', 'baz'], { id: 123 })), + "SELECT * FROM foo WHERE id = 123" + + " AND first = 'foo' AND last = '?'" + + " AND middle = '?'"); next(); } }, @@ -1035,7 +1079,7 @@ function makeFooTable(client, colDefs, tableOpts) { opts.push(format('%s=%s', key, tableOpts[key])); }); tableOpts = opts.join(' '); - } else + } else tableOpts = ''; client.query('CREATE DATABASE IF NOT EXISTS `foo`', NOOP); @@ -1045,7 +1089,7 @@ function makeFooTable(client, colDefs, tableOpts) { cols.join(', '), tableOpts); client.query(query, NOOP); - + } function next() {