Skip to content

public / sequelize

Go to a project

不要怂,就是干,撸起袖子干!

Commit 4f4abdc8 by Mick Hansen
Options

Merge pull request #5032 from shoshomiga/raw_query_fix 

Fix for #4904
2 parents 8864d1b5 12057dcd
Inline Side-by-side
Showing with 16 additions and 6 deletions
lib/sql-string.js
...@@ -12,7 +12,7 @@ SqlString.escapeId = function(val, forbidQualified) { ...@@ -12,7 +12,7 @@ SqlString.escapeId = function(val, forbidQualified) {
return '`' + val.replace(/`/g, '``').replace(/\./g, '`.`') + '`'; return '`' + val.replace(/`/g, '``').replace(/\./g, '`.`') + '`';
}; };
SqlString.escape = function(val, timeZone, dialect) { SqlString.escape = function(val, timeZone, dialect, format) {
if (val === undefined || val === null) { if (val === undefined || val === null) {
return 'NULL'; return 'NULL';
} }
...@@ -43,11 +43,10 @@ SqlString.escape = function(val, timeZone, dialect) { ...@@ -43,11 +43,10 @@ SqlString.escape = function(val, timeZone, dialect) {
if (Array.isArray(val)) { if (Array.isArray(val)) {
var escape = _.partialRight(SqlString.escape, timeZone, dialect); var escape = _.partialRight(SqlString.escape, timeZone, dialect);
if (dialect === 'postgres') { if (dialect === 'postgres' && !format) {
return dataTypes.ARRAY.prototype.stringify(val, {escape: escape}); return dataTypes.ARRAY.prototype.stringify(val, {escape: escape});
} else {
return '[' + val.map(escape) + ']';
} }
return val.map(escape);
} }
if (dialect === 'postgres' || dialect === 'sqlite' || dialect === 'mssql') { if (dialect === 'postgres' || dialect === 'sqlite' || dialect === 'mssql') {
...@@ -78,7 +77,7 @@ SqlString.format = function(sql, values, timeZone, dialect) { ...@@ -78,7 +77,7 @@ SqlString.format = function(sql, values, timeZone, dialect) {
return match; return match;
} }
return SqlString.escape(values.shift(), timeZone, dialect); return SqlString.escape(values.shift(), timeZone, dialect, true);
}); });
}; };
...@@ -89,7 +88,7 @@ SqlString.formatNamedParameters = function(sql, values, timeZone, dialect) { ...@@ -89,7 +88,7 @@ SqlString.formatNamedParameters = function(sql, values, timeZone, dialect) {
} }
if (values[key] !== undefined) { if (values[key] !== undefined) {
return SqlString.escape(values[key], timeZone, dialect); return SqlString.escape(values[key], timeZone, dialect, true);
} else { } else {
throw new Error('Named parameter "' + value + '" has no value in the given object.'); throw new Error('Named parameter "' + value + '" has no value in the given object.');
} }
......
test/unit/sql/select.test.js
...@@ -287,4 +287,15 @@ suite(Support.getTestDialectTeaser('SQL'), function() { ...@@ -287,4 +287,15 @@ suite(Support.getTestDialectTeaser('SQL'), function() {
}); });
}); });
suite('raw query', function () {
test('raw replacements', function () {
expectsql(sql.selectQuery('User', {
attributes: ['*'],
having: ['name IN (?)', [1, 'test', 3, "derp"]]
}), {
default: "SELECT * FROM [User] HAVING name IN (1,'test',3,'derp');"
});
});
});
}); });
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!