
Fixed #20

* more accurate String params escaping
1 parent f6a5440 commit b044b140bded47a7dad14e446d3e7709abc57c8a @DrBenton committed Jan 13, 2014
@@ -237,7 +237,7 @@ Adapter.prototype.escape = function( value )
return "'" + this._stringifyDate(value) + "'";
else if( typeof(value)=='object' && (value instanceof DBExpr) )
return value.getStr();
- else if( isNaN(value) || value === '' )
+ else if( typeof(value)=='string' )
return "'" + this._dbClient.escapeSync( value ) + "'";
else
return value;
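Review bot: The closing `else return value;` now receives every value that is not a primitive string, so arrays, plain objects and `new String(...)` wrappers are concatenated into the statement through implicit string conversion with no escaping, unless a branch above this hunk already filters them. If parameters can originate from parsed request data, where a field may arrive as an array or object rather than a scalar, that pass-through is an injection risk. Consider narrowing it to `else if( typeof(value)=='number' && isFinite(value) ) return value;` followed by `else throw new TypeError('Unsupported SQL parameter type');`, adjusted for any booleans or nulls this function is expected to accept. The same fall-through appears in the three other `Adapter.prototype.escape` hunks below; the function starts and ends outside the hunk.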
@@ -257,7 +257,7 @@ Adapter.prototype.escape = function( value )
return "'" + this._stringifyDate(value) + "'";
else if( typeof(value)=='object' && (value instanceof DBExpr) )
return value.getStr();
- else if( isNaN(value) || value === '' )
+ else if( typeof(value)=='string' )
return this._dbClient.escape( value );
else
return value;
@@ -228,7 +228,7 @@ Adapter.prototype.escape = function( value )
return "'" + this._stringifyDate(value) + "'";
else if( typeof(value)=='object' && (value instanceof DBExpr) )
return value.getStr();
- else if( isNaN(value) )
+ else if( typeof(value)=='string' )
return "'" + value.replace(/'/g, "''") + "'";
else
return value;
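Review bot: The string branch here escapes by hand with `value.replace(/'/g, "''")`, which only doubles single quotes. If this adapter's database treats backslash as an escape character inside string literals (a server or session setting on some engines), or mishandles NUL bytes, quote doubling alone is not sufficient. Prefer the driver's own literal escaping or bound parameters where the driver offers them, or at least add a comment above the branch stating which string-literal mode the adapter assumes. The same expression is used in the next `escape` hunk; the function body extends outside both hunks.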
@@ -192,7 +192,7 @@ Adapter.prototype.escape = function( value )
return "'" + this._stringifyDate(value) + "'";
else if( typeof(value)=='object' && (value instanceof DBExpr) )
return value.getStr();
- else if( isNaN(value) || value === '' )
+ else if( typeof(value)=='string' )
return "'" + value.replace(/'/g, "''") + "'";
else
return value;
@@ -55,7 +55,7 @@ var adapterTestSuite = function( adapterName )
});
it('should handle a single custom field in a basic SELECT', function() {
- select = dbWrapper.getSelect().from('user', 'first_name' );
+ select = dbWrapper.getSelect().from('user', 'first_name');
var first_name = dbWrapper._adapter.escapeField('first_name');
expectedSql = 'SELECT '+user+'.'+first_name+' FROM '+user;
@@ -121,6 +121,19 @@ var adapterTestSuite = function( adapterName )
expect(select.assemble()).to.equal(expectedSql);
});
+
+ it('should properly escape Strings params, even if they only contain numbers', function() {
+ //@see https://github.com/DrBenton/Node-DBI/issues/20
+ select = dbWrapper.getSelect()
+ .from('user')
+ .where('escaped=?', '1234')
+ .where('unescaped=?', 1234);
+
+ expectedSql = 'SELECT '+user+'.* FROM '+user+' WHERE (escaped=\'1234\') AND (unescaped=1234)';
+
+ expect(select.assemble()).to.equal(expectedSql);
+ });
+
it('should handle an advanced WHERE clause, with special chars and disordered from() and where() calls', function() {
select = dbWrapper.getSelect()
.where('enabled=1')
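Review bot: The added regression test pins only a digits-only string, but the old `isNaN` check also let through other strings that coerce to a number, such as a whitespace-only string or forms like `'1e3'` and `'0x1A'`. Adding one or two of those as further `.where('escaped=?', ...)` cases would lock in that quoting is now decided by type and not by content. A short comment above the test, e.g. `// quoting is decided by typeof, never by whether the string looks numeric`, would make that intent explicit.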
