Add string escape for postgresql in custom query

zanamixx
Commit 4caf1090 authored Apr 05, 2013 by zanamixx
Showing with 18 additions and 8 deletions
.gitignore
lib/sequelize.js
lib/sql-string.js
lib/utils.js
spec-jasmine/config/config.js
spec/config/config.js
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,6 @@ test*.js
 .DS_STORE
 node_modules
 npm-debug.log
+spec/config/config.js
+spec-jasmine/config/config.js
 *~
--- a/lib/sequelize.js
+++ b/lib/sequelize.js
@@ -171,7 +171,7 @@ module.exports = (function() {

  Sequelize.prototype.query = function(sql, callee, options, replacements) {
    if (arguments.length === 4) {
-      sql = Utils.format([sql].concat(replacements))
+      sql = Utils.format([sql].concat(replacements), this.options.dialect)
    } else if (arguments.length === 3) {
      options = options
    } else if (arguments.length === 2) {

--- a/lib/sql-string.js
+++ b/lib/sql-string.js
@@ -7,7 +7,7 @@ SqlString.escapeId = function (val, forbidQualified) {
  return '`' + val.replace(/`/g, '``').replace(/\./g, '`.`') + '`';
 };

-SqlString.escape = function(val, stringifyObjects, timeZone) {
+SqlString.escape = function(val, stringifyObjects, timeZone, dialect) {
  if (val === undefined || val === null) {
    return 'NULL';
  }
@@ -37,6 +37,10 @@ SqlString.escape = function(val, stringifyObjects, timeZone) {
    }
  }

+  if (dialect == "postgres") {
+    // http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
+    val = val.replace(/'/g, "''");
+  } else {
    val = val.replace(/[\0\n\r\b\t\\\'\"\x1a]/g, function(s) {
      switch(s) {
        case "\0": return "\\0";
@@ -48,6 +52,7 @@ SqlString.escape = function(val, stringifyObjects, timeZone) {
        default: return "\\"+s;
      }
    });
+  }
  return "'"+val+"'";
 };

@@ -58,7 +63,7 @@ SqlString.arrayToList = function(array, timeZone) {
  }).join(', ');
 };

-SqlString.format = function(sql, values, timeZone) {
+SqlString.format = function(sql, values, timeZone, dialect) {
  values = [].concat(values);

  return sql.replace(/\?/g, function(match) {
@@ -66,7 +71,7 @@ SqlString.format = function(sql, values, timeZone) {
      return match;
    }

-    return SqlString.escape(values.shift(), false, timeZone);
+    return SqlString.escape(values.shift(), false, timeZone, dialect);
  });
 };


--- a/lib/utils.js
+++ b/lib/utils.js
@@ -47,8 +47,9 @@ var Utils = module.exports = {
  escape: function(s) {
    return SqlString.escape(s, true, "local").replace(/\\"/g, '"')
  },
-  format: function(arr) {
-    return SqlString.format(arr.shift(), arr)
+  format: function(arr, dialect) {
+    var timeZone = null;
+    return SqlString.format(arr.shift(), arr, timeZone, dialect)
  },
  isHash: function(obj) {
    return Utils._.isObject(obj) && !Array.isArray(obj);

--- a/spec-jasmine/config/config.js
+++ b/spec-jasmine/config/config.js
@@ -18,7 +18,8 @@ module.exports = {

  postgres: {
    database: 'sequelize_test',
-    username: "postgres",
+    username: "root",
+    password: "toor",
    port: 5432,
    pool: { maxConnections: 5, maxIdleTime: 30}
  }

--- a/spec/config/config.js
+++ b/spec/config/config.js
@@ -24,7 +24,8 @@ module.exports = {

  postgres: {
    database: 'sequelize_test',
-    username: "postgres",
+    username: "root",
+    password: "toor",
    port: 5432,
    pool: { maxConnections: 5, maxIdleTime: 30}
  }