This repository has been archived by the owner on Nov 9, 2021. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow param query inside where, JOIN condition, and expr
Added toParam support for expr() block when used in JOIN ON condition, or a where clause Added new tests for JOIN on Condition using expr() Added new tests for Expression block Fixed updated build script. After changing the build script, the select.test.coffee file was not running due to a typo in the grunt file. There were some limitations with nesting a query, or expr() with a query, inside a where clause, or a JOIN condition and the use of toParam. The nested queries were being converted to a string rather than doing a toParam, the string result was being added as the value for the parameter. This is a potential sql injection risk. Now the nested/inline query when provided as a parameter will be in a where clause will replace the parameter '?' with the textual component of the nested query, and add any parameters from the nested query to the parent query. Example, subqry = squel.select().field('col3').from('table2').where('col5 = ?', 'test1') query = squel.select().field('col1').from('table1').where('col2 in ?', subqry) query.toParam() gives: { text: "SELECT col1 FROM table1 WHERE (col2 IN (SELECT col3 FROM table2 WHERE (col5 = ?)))", values: ['test1'] } Previously it gave: { text: "SELECT col1 FROM table1 WHERE (col2 IN (?))", values: ['SELECT col3 FROM table2 WHERE (col5 = 'test1')'] }
- Loading branch information
1 parent
d95e55d
commit 913b0e4
Showing
12 changed files
with
313 additions
and
75 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
Oops, something went wrong.