Attempt to unify query escaping between dialects

All dialect implementations re-implemented escaping, resulting in
(roughly) the same code being written four times in the codebase. This
moves all of that into SqlString.

lib/dialects/mysql/query-generator.js

 var Utils     = require("../../utils")
   , DataTypes = require("../../data-types")
+  , SqlString = require("../../sql-string")
   , util      = require("util")
 
 module.exports = (function() {
@@ -507,7 +508,7 @@ module.exports = (function() {
           }
 
           if (dataType.comment && Utils._.isString(dataType.comment) && dataType.comment.length) {
-            template += " COMMENT " + Utils.escape(dataType.comment)
+            template += " COMMENT " + this.escape(dataType.comment)
           }
 
           result[name] = template
@@ -554,12 +555,7 @@ module.exports = (function() {
     },
 
     escape: function(value) {
-      if (value instanceof Date) {
-        value = Utils.toSqlDate(value)
-      } else if (typeof value === 'boolean') {
-        value = value ? 1 : 0
-      }
-      return Utils.escape(value)
+      return SqlString.escape(value, false, null, "mysql")
     }
 
   }

lib/dialects/postgres/query-generator.js

 var Utils       = require("../../utils")
   , util        = require("util")
   , DataTypes   = require("../../data-types")
+  , SqlString   = require("../../sql-string")
   , tables      = {}
   , primaryKeys = {}
 
@@ -679,12 +680,6 @@ module.exports = (function() {
       return (i < 10) ? '0' + i.toString() : i.toString()
     },
 
-    pgSqlDate: function (dt) {
-      var date = [ dt.getUTCFullYear(), this.padInt(dt.getUTCMonth()+1), this.padInt(dt.getUTCDate()) ].join('-')
-      var time = [ dt.getUTCHours(), this.padInt(dt.getUTCMinutes()), this.padInt(dt.getUTCSeconds())].join(':')
-      return date + ' ' + time + '.' + ((dt.getTime() % 1000) * 1000) + 'Z'
-    },
-
     pgDataTypeMapping: function (tableName, attr, dataType) {
       if (Utils._.includes(dataType, 'PRIMARY KEY')) {
         primaryKeys[tableName].push(attr)
@@ -735,29 +730,8 @@ module.exports = (function() {
       return identifiers.split('.').map(function(t) { return this.quoteIdentifier(t, force) }.bind(this)).join('.')
     },
 
-    escape: function (val) {
-      if (val === undefined || val === null) {
-        return 'NULL';
-      }
-
-      switch (typeof val) {
-        case 'boolean':
-          return (val) ? 'true' : 'false';
-        case 'number':
-          return val + '';
-        case 'object':
-          if (Array.isArray(val)) {
-            return 'ARRAY['+ val.map(function(it) { return this.escape(it) }.bind(this)).join(',') + ']';
-          }
-      }
-
-      if (val instanceof Date) {
-        val = this.pgSqlDate(val);
-      }
-
-      // http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
-      val = val.replace(/'/g, "''");
-      return "'" + val + "'";
+    escape: function(value) {
+      return SqlString.escape(value, false, null, "postgres")
     }
 
   }

lib/dialects/sqlite/query-generator.js

 var Utils = require("../../utils")
   , DataTypes = require("../../data-types")
+  , SqlString = require("../../sql-string")
 
 var MySqlQueryGenerator = Utils._.extend(
   Utils._.clone(require("../query-generator")),
@@ -448,19 +449,7 @@ module.exports = (function() {
     },
 
     escape: function(value) {
-      if (value instanceof Date) {
-        value = Utils.toSqlDate(value)
-      }
-
-      if (typeof value === 'string') {
-        return "'" + value.replace(/'/g, "''") + "'";
-      } else if (typeof value === 'boolean') {
-        return value ? 1 : 0; // SQLite has no type boolean
-      } else if (value === null || value === undefined) {
-        return 'NULL';
-      } else {
-        return value;
-      }
+      return SqlString.escape(value, false, null, "sqlite")
     }
 
   }

lib/sql-string.js

@@ -13,12 +13,16 @@ SqlString.escape = function(val, stringifyObjects, timeZone, dialect) {
   }
 
   switch (typeof val) {
-    case 'boolean': return (val) ? 'true' : 'false';
+    case 'boolean':
+      // SQLite doesn't have true/false support. MySQL aliases true/false to 1/0
+      // for us. Postgres actually has a boolean type with true/false literals,
+      // but sequelize doesn't use it yet.
+      return dialect !== 'mysql' ? +!!val : '' + !!val;
     case 'number': return val+'';
   }
 
   if (val instanceof Date) {
-    val = SqlString.dateToString(val, timeZone || "Z");
+    val = SqlString.dateToString(val, timeZone || "Z", dialect);
   }
 
   if (Buffer.isBuffer(val)) {
@@ -26,7 +30,7 @@ SqlString.escape = function(val, stringifyObjects, timeZone, dialect) {
   }
 
   if (Array.isArray(val)) {
-    return SqlString.arrayToList(val, timeZone);
+    return SqlString.arrayToList(val, timeZone, dialect);
   }
 
   if (typeof val === 'object') {
@@ -37,7 +41,7 @@ SqlString.escape = function(val, stringifyObjects, timeZone, dialect) {
     }
   }
 
-  if (dialect === "postgres" || dialect === "sqlite") {
+  if (dialect === 'postgres' || dialect === 'sqlite') {
     // http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
     // http://stackoverflow.com/q/603572/130598
     val = val.replace(/'/g, "''");
@@ -57,11 +61,18 @@ SqlString.escape = function(val, stringifyObjects, timeZone, dialect) {
   return "'"+val+"'";
 };
 
-SqlString.arrayToList = function(array, timeZone) {
+SqlString.arrayToList = function(array, timeZone, dialect) {
+  if (dialect === 'postgres') {
+    return 'ARRAY[' + array.map(function(v) {
+      return SqlString.escape(v, true, timeZone, dialect);
+    }).join(',') + ']';
+  } else {
     return array.map(function(v) {
-    if (Array.isArray(v)) return '(' + SqlString.arrayToList(v) + ')';
-    return SqlString.escape(v, true, timeZone);
+      if (Array.isArray(v))
+        return '(' + SqlString.arrayToList(v, timeZone, dialect) + ')';
+      return SqlString.escape(v, true, timeZone, dialect);
     }).join(', ');
+  }
 };
 
 SqlString.format = function(sql, values, timeZone, dialect) {
@@ -76,7 +87,7 @@ SqlString.format = function(sql, values, timeZone, dialect) {
   });
 };
 
-SqlString.dateToString = function(date, timeZone) {
+SqlString.dateToString = function(date, timeZone, dialect) {
   var dt = new Date(date);
 
   if (timeZone != 'local') {
@@ -95,7 +106,13 @@ SqlString.dateToString = function(date, timeZone) {
   var minute = zeroPad(dt.getMinutes());
   var second = zeroPad(dt.getSeconds());
 
-  return year + '-' + month + '-' + day + ' ' + hour + ':' + minute + ':' + second;
+  return year + '-' +
+         month + '-' +
+         day + ' ' +
+         hour + ':' +
+         minute + ':' +
+         second +
+         (dialect === 'mysql' ? '.0Z' : '');
 };
 
 SqlString.bufferToString = function(buffer) {

lib/utils.js

@@ -42,17 +42,6 @@ var Utils = module.exports = {
   isHash: function(obj) {
     return Utils._.isObject(obj) && !Array.isArray(obj);
   },
-  pad: function (s) {
-    return s < 10 ? '0' + s : s
-  },
-  toSqlDate: function(date) {
-    return date.getUTCFullYear() + '-' +
-      this.pad(date.getUTCMonth()+1) + '-' +
-      this.pad(date.getUTCDate()) + ' ' +
-      this.pad(date.getUTCHours()) + ':' +
-      this.pad(date.getUTCMinutes()) + ':' +
-      this.pad(date.getUTCSeconds())
-  },
   argsArePrimaryKeys: function(args, primaryKeys) {
     var result = (args.length == Object.keys(primaryKeys).length)
     if (result) {
@@ -181,9 +170,6 @@ var Utils = module.exports = {
   removeTicks: function(s, tickChar) {
     tickChar = tickChar || Utils.TICK_CHAR
     return s.replace(new RegExp(tickChar, 'g'), "")
-  },
-  escape: function(s) {
-    return SqlString.escape(s, true, "local").replace(/\\"/g, '"')
   }
 }
 

spec-jasmine/mysql/query-generator.spec.js

@@ -235,10 +235,10 @@ describe('QueryGenerator', function() {
         context: {options: {omitNull: true}}
       }, {
         arguments: ['myTable', {foo: false}],
-        expectation: "INSERT INTO `myTable` (`foo`) VALUES (0);"
+        expectation: "INSERT INTO `myTable` (`foo`) VALUES (false);"
       }, {
         arguments: ['myTable', {foo: true}],
-        expectation: "INSERT INTO `myTable` (`foo`) VALUES (1);"
+        expectation: "INSERT INTO `myTable` (`foo`) VALUES (true);"
       }
     ],
 
@@ -272,7 +272,7 @@ describe('QueryGenerator', function() {
         context: {options: {omitNull: true}} // Note: As above
       }, {
         arguments: ['myTable', [{name: "foo", value: true}, {name: 'bar', value: false}]],
-        expectation: "INSERT INTO `myTable` (`name`,`value`) VALUES ('foo',1),('bar',0);"
+        expectation: "INSERT INTO `myTable` (`name`,`value`) VALUES ('foo',true),('bar',false);"
       }
     ],
 
@@ -302,10 +302,10 @@ describe('QueryGenerator', function() {
         context: {options: {omitNull: true}}
       }, {
         arguments: ['myTable', {bar: false}, {name: 'foo'}],
-        expectation: "UPDATE `myTable` SET `bar`=0 WHERE `name`='foo'"
+        expectation: "UPDATE `myTable` SET `bar`=false WHERE `name`='foo'"
       }, {
         arguments: ['myTable', {bar: true}, {name: 'foo'}],
-        expectation: "UPDATE `myTable` SET `bar`=1 WHERE `name`='foo'"
+        expectation: "UPDATE `myTable` SET `bar`=true WHERE `name`='foo'"
       }
     ],
 
@@ -385,11 +385,11 @@ describe('QueryGenerator', function() {
       },
       {
         arguments: [{ maple: false, bacon: true }],
-        expectation: "`maple`=0 AND `bacon`=1"
+        expectation: "`maple`=false AND `bacon`=true"
       },
       {
         arguments: [{ beaver: [false, true] }],
-        expectation: "`beaver` IN (0,1)"
+        expectation: "`beaver` IN (false,true)"
       },
       {
         arguments: [{birthday: new Date(Date.UTC(2011, 6, 1, 10, 1, 55))}],