Merge branch 'master' of git://github.com/wyplay/sequelize into wyplay-master

Daniel Durante
Commit 750817c5 authored May 03, 2013 by Daniel Durante
Showing with 24 additions and 17 deletions
changelog.md
lib/sequelize.js
lib/sql-string.js
lib/utils.js
--- a/changelog.md
+++ b/changelog.md
 # v1.7.0 #
+- [BUG] Fix string escape with postgresql on raw SQL queries/ [#586](https://github.com/sequelize/sequelize/pull/586). thanks to zanamixx
 - [BUG] "order by" is now after "group by". [#585](https://github.com/sequelize/sequelize/pull/585). thanks to mekanics
 - [BUG] Added decimal support for min/max. [#583](https://github.com/sequelize/sequelize/pull/583). thanks to durango
 - [FEATURE] Schematics. [#564](https://github.com/sequelize/sequelize/pull/564). thanks to durango

--- a/lib/sequelize.js
+++ b/lib/sequelize.js
@@ -202,7 +202,7 @@ module.exports = (function() {
  Sequelize.prototype.query = function(sql, callee, options, replacements) {
    if (arguments.length === 4) {
-      sql = Utils.format([sql].concat(replacements))
+      sql = Utils.format([sql].concat(replacements), this.options.dialect)
    } else if (arguments.length === 3) {
      options = options
    } else if (arguments.length === 2) {

--- a/lib/sql-string.js
+++ b/lib/sql-string.js
@@ -7,7 +7,7 @@ SqlString.escapeId = function (val, forbidQualified) {
  return '`' + val.replace(/`/g, '``').replace(/\./g, '`.`') + '`';
 };
-SqlString.escape = function(val, stringifyObjects, timeZone) {
+SqlString.escape = function(val, stringifyObjects, timeZone, dialect) {
  if (val === undefined || val === null) {
    return 'NULL';
  }
@@ -37,17 +37,22 @@ SqlString.escape = function(val, stringifyObjects, timeZone) {
    }
  }
-  val = val.replace(/[\0\n\r\b\t\\\'\"\x1a]/g, function(s) {
+  if (dialect == "postgres") {
-    switch(s) {
+    // http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
-      case "\0": return "\\0";
+    val = val.replace(/'/g, "''");
-      case "\n": return "\\n";
+  } else {
-      case "\r": return "\\r";
+    val = val.replace(/[\0\n\r\b\t\\\'\"\x1a]/g, function(s) {
-      case "\b": return "\\b";
+      switch(s) {
-      case "\t": return "\\t";
+        case "\0": return "\\0";
-      case "\x1a": return "\\Z";
+        case "\n": return "\\n";
-      default: return "\\"+s;
+        case "\r": return "\\r";
-    }
+        case "\b": return "\\b";
-  });
+        case "\t": return "\\t";
+        case "\x1a": return "\\Z";
+        default: return "\\"+s;
+      }
+    });
+  }
  return "'"+val+"'";
 };
@@ -58,7 +63,7 @@ SqlString.arrayToList = function(array, timeZone) {
  }).join(', ');
 };
-SqlString.format = function(sql, values, timeZone) {
+SqlString.format = function(sql, values, timeZone, dialect) {
  values = [].concat(values);
  return sql.replace(/\?/g, function(match) {
@@ -66,7 +71,7 @@ SqlString.format = function(sql, values, timeZone) {
      return match;
    }
-    return SqlString.escape(values.shift(), false, timeZone);
+    return SqlString.escape(values.shift(), false, timeZone, dialect);
  });
 };

--- a/lib/utils.js
+++ b/lib/utils.js
@@ -47,8 +47,9 @@ var Utils = module.exports = {
  escape: function(s) {
    return SqlString.escape(s, true, "local").replace(/\\"/g, '"')
  },
-  format: function(arr) {
+  format: function(arr, dialect) {
-    return SqlString.format(arr.shift(), arr)
+    var timeZone = null;
+    return SqlString.format(arr.shift(), arr, timeZone, dialect)
  },
  isHash: function(obj) {
    return Utils._.isObject(obj) && !Array.isArray(obj);