feat(mysql): bind parameters (#8861)

Gareth Oakley · Sushant
Commit f8a98a14 authored Feb 07, 2018 by Gareth Oakley Committed by Sushant Feb 07, 2018
Showing with 26 additions and 7 deletions
docs/raw-queries.md
lib/dialects/mysql/query.js
package.json
test/integration/sequelize.test.js
--- a/docs/raw-queries.md
+++ b/docs/raw-queries.md
@@ -71,9 +71,7 @@ sequelize.query('SELECT * FROM users WHERE name LIKE :search_name ',
 ```
 ## Bind Parameter
-Bind parameters are like replacements. Except replacements are escaped and inserted into the query by sequelize before the query is sent to the database, while bind parameters are sent to the database outside the SQL query text. A query can have either bind parameters or replacements.
+Bind parameters are like replacements. Except replacements are escaped and inserted into the query by sequelize before the query is sent to the database, while bind parameters are sent to the database outside the SQL query text. A query can have either bind parameters or replacements. Bind parameters are referred to by either $1, $2, ... (numeric) or $key (alpha-numeric). This is independent of the dialect.
-Only SQLite and PostgreSQL support bind parameters. Other dialects will insert them into the SQL query in the same way it is done for replacements. Bind parameters are referred to by either $1, $2, ... (numeric) or $key (alpha-numeric). This is independent of the dialect.
 * If an array is passed, `$1` is bound to the 1st element in the array (`bind[0]`)
 * If an object is passed, `$key` is bound to `object['key']`. Each key must begin with a non-numeric char. `$1` is not a valid key, even if `object['1']` exists.

--- a/lib/dialects/mysql/query.js
+++ b/lib/dialects/mysql/query.js
@@ -25,7 +25,20 @@ class Query extends AbstractQuery {
    this.checkLoggingOption();
  }
-  run(sql) {
+  static formatBindParameters(sql, values, dialect) {
+    const bindParam = [];
+    const replacementFunc = (match, key, values) => {
+      if (values[key] !== undefined) {
+        bindParam.push(values[key]);
+        return '?';
+      }
+      return undefined;
+    };
+    sql = AbstractQuery.formatBindParameters(sql, values, dialect, replacementFunc)[0];
+    return [sql, bindParam.length > 0 ? bindParam : undefined];
+  }
+  run(sql, parameters) {
    this.sql = sql;
    //do we need benchmark for this query execution
@@ -42,7 +55,7 @@ class Query extends AbstractQuery {
    debug(`executing(${this.connection.uuid || 'default'}) : ${this.sql}`);
    return new Utils.Promise((resolve, reject) => {
-      this.connection.query({ sql: this.sql }, (err, results) => {
+      const handler = (err, results) => {
        debug(`executed(${this.connection.uuid || 'default'}) : ${this.sql}`);
        if (benchmark) {
@@ -56,7 +69,13 @@ class Query extends AbstractQuery {
        } else {
          resolve(results);
        }
-      }).setMaxListeners(100);
+      };
+      if (parameters) {
+        debug('parameters(%j)', parameters);
+        this.connection.execute(sql, parameters, handler).setMaxListeners(100);
+      } else {
+        this.connection.query({ sql: this.sql }, handler).setMaxListeners(100);
+      }
    })
    // Log warnings if we've got them.
      .then(results => {

--- a/package.json
+++ b/package.json
@@ -73,7 +73,7 @@
    "istanbul": "^0.4.5",
    "lcov-result-merger": "^2.0.0",
    "mocha": "^5.0.0",
-    "mysql2": "^1.x",
+    "mysql2": "^1.5.2",
    "pg": "^7.x",
    "pg-hstore": "^2.3.2",
    "pg-native": "^2.x",

--- a/test/integration/sequelize.test.js
+++ b/test/integration/sequelize.test.js
@@ -549,6 +549,8 @@ describe(Support.getTestDialectTeaser('Sequelize'), () => {
        } else if (dialect === 'mssql') {
          expect(logSql.indexOf('@0')).to.be.above(-1);
          expect(logSql.indexOf('@1')).to.be.above(-1);
+        } else if (dialect === 'mysql') {
+          expect(logSql.match(/\?/g).length).to.equal(2);
        }
      });
    });