
Merge pull request #53 from campersander/master

Property names are not escaped
commit e12bd7ae04dab04516b28a431719070c2337e955 2 parents 36dcc7f + 0f5a974
@joeferner authored
18 lib/driver.js
@@ -29,7 +29,7 @@ var Driver = Class.extend({
if (column.primaryKey && column.autoIncrement) {
continue;
}
- columnNamesSql.push(column.dbColumnName);
+ columnNamesSql.push(this.escapeColumnName(column.dbColumnName));
valuesSql.push(this.getValuesSubstitutionString(valueSubstitutionIndex++));
values.push(obj[columnKey]);
}
@@ -42,7 +42,7 @@ var Driver = Class.extend({
getManyToManyInsertSql: function(association, obj, relatedObj) {
var valueSubstitutionIndex = 1;
- var columnNamesSql = [ association.foreignKey, association.manyToManyForeignKey ];
+ var columnNamesSql = [ this.escapeColumnName(association.foreignKey), this.escapeColumnName(association.manyToManyForeignKey) ];
var valuesSql = [
this.getValuesSubstitutionString(valueSubstitutionIndex++),
this.getValuesSubstitutionString(valueSubstitutionIndex++)];
@@ -68,7 +68,7 @@ var Driver = Class.extend({
if (column.primaryKey && column.autoIncrement) {
continue;
}
- columnNamesSql.push(column.dbColumnName + ' = ' + this.getValuesSubstitutionString(valueSubstitutionIndex++));
+ columnNamesSql.push(this.escapeColumnName(column.dbColumnName) + ' = ' + this.getValuesSubstitutionString(valueSubstitutionIndex++));
values.push(obj[columnKey]);
}
@@ -92,13 +92,13 @@ var Driver = Class.extend({
if (column.primaryKey && column.autoIncrement) {
throw new Error("Invalid column to update '" + prop + "', cannot be a primary or autoincrementing column.");
}
- columnNamesSql.push(column.dbColumnName + ' = ' + this.getValuesSubstitutionString(valueSubstitutionIndex++));
+ columnNamesSql.push(this.escapeColumnName(column.dbColumnName) + ' = ' + this.getValuesSubstitutionString(valueSubstitutionIndex++));
values.push(data[prop]);
} else {
var association = model.associations[prop];
if (association) {
if (association.type === 'hasOne') {
- columnNamesSql.push(association.foreignKey + ' = ' + this.getValuesSubstitutionString(valueSubstitutionIndex++));
+ columnNamesSql.push(this.escapeColumnName(association.foreignKey) + ' = ' + this.getValuesSubstitutionString(valueSubstitutionIndex++));
values.push(data[prop].getId());
} else {
throw new Error("Invalid association '" + prop + "' for update, must be a hasOne.");
@@ -122,8 +122,12 @@ var Driver = Class.extend({
return results;
},
+ escapeColumnName: function(columnName) {
+ throw new Error("Not Implemented");
+ },
+
getColumnName: function(column, aliasTables) {
- var name = column.dbColumnName;
+ var name = this.escapeColumnName(column.dbColumnName);
if (aliasTables) {
name = column.tableAlias + '.' + name;
}
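Review bot: The new base `escapeColumnName` throws "Not Implemented", and the insert, update and order-by builders changed in this commit now call it, so any driver that extends `Driver` without overriding it will fail on the first statement it builds. The method has no comment stating the contract subclasses must meet; I would add one above it, e.g. `// Subclasses must return columnName quoted as an identifier for their dialect, with any embedded quote character escaped or rejected.` In `getColumnName` just below, `column.tableAlias` is still concatenated unquoted, which deserves a one-line comment saying aliases are generated internally, if that is the case. The enclosing `Driver.extend({...})` body starts and ends outside this hunk.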
@@ -264,7 +268,7 @@ var Driver = Class.extend({
for (i = 0; i < sqlTree.orderBy.length; i++) {
var orderBy = sqlTree.orderBy[i];
- var orderByClause = orderBy.column.alias + ' ';
+ var orderByClause = this.escapeColumnName(orderBy.column.alias) + ' ';
if (orderBy.direction) {
switch (orderBy.direction) {
case persist.Ascending:
4 lib/drivers/mysql.js
@@ -107,6 +107,10 @@ var MySqlDriver = Driver.extend({
conn = new MySqlConnection(this, db, true, opts);
callback(null, conn);
}
+ },
+
+ escapeColumnName: function (columnName) {
+ return '`' + columnName + '`';
}
});
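Review bot: `escapeColumnName` wraps the name in backticks but does not handle a backtick inside `columnName`, so a name containing the delimiter ends the quoted identifier early and the rest is parsed as SQL. MySQL escapes the delimiter by doubling it, so each backtick in the name should be replaced with two before wrapping. The same gap exists in lib/drivers/pg.js and lib/drivers/sqlite3.js, where the fix is `return '"' + String(columnName).replace(/"/g, '""') + '"';`, and in lib/drivers/oracle.js, where a name containing `"` should be rejected because Oracle quoted identifiers cannot contain one. How much this matters depends on whether any column name or alias can ever come from request data rather than the model definition, which this page does not show.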
4 lib/drivers/oracle.js
@@ -180,6 +180,10 @@ var OracleDriver = Driver.extend({
sql = util.format("SELECT * FROM (SELECT rnumalias.*, ROWNUM persist_rnum FROM (%s) rnumalias WHERE ROWNUM <= %s) WHERE persist_rnum > %s", sql, sqlTree.limitOffset + sqlTree.limitCount, sqlTree.limitOffset);
}
return sql;
+ },
+
+ escapeColumnName: function (columnName) {
+ return '"' + columnName + '"';
}
});
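Review bot: Quoting every column name makes identifier matching case-sensitive on Oracle, which folds unquoted names to upper case, so `"name"` will not match a column that was created unquoted and is stored as `NAME`. Tables created before this change, presumably without quotes, may stop resolving for any `dbColumnName` that is not already upper case; the PostgreSQL driver in lib/drivers/pg.js has the mirror-image problem for names that are not all lower case. I would document this above the method, e.g. `// Quoted identifiers are case-sensitive: dbColumnName must match the stored column case exactly.`, and call it out in the upgrade notes.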
4 lib/drivers/pg.js
@@ -152,6 +152,10 @@ var PostgreSqlDriver = Driver.extend({
var result = { sql: sql, values: values };
//console.log(result);
return result;
+ },
+
+ escapeColumnName: function (columnName) {
+ return '"' + columnName + '"';
}
});
4 lib/drivers/sqlite3.js
@@ -92,6 +92,10 @@ var Sqlite3Driver = Driver.extend({
conn = new Sqlite3Connection(this, db, true, opts);
callback(null, conn);
}
+ },
+
+ escapeColumnName: function (columnName) {
+ return '"' + columnName + '"';
}
});
28 test/escape.js
@@ -0,0 +1,28 @@
+"use strict";
+
+var util = require("util");
+var assert = require("assert");
+var nodeunit = require("nodeunit");
+var persist = require("../lib/persist");
+var testUtils = require("../test_helpers/test_utils");
+
+exports['Escape'] = nodeunit.testCase({
+ "reserved field name": function(test) {
+ var TaxonomicClass = persist.define("TaxonomicClass", {
+ order: persist.type.STRING
+ });
+
+ testUtils.connect(persist, {}, function(err, connection) {
+ test.ifError(err);
+
+ connection.runSql(util.format('CREATE TABLE TaxonomicClasses(%s INT NOT NULL);', connection.driver.escapeColumnName('order')), function(err) {
+ test.ifError(err);
+
+ var t = new TaxonomicClass({ order: "Lepidoptera" });
+ t.save(connection, test.ifError);
+
+ test.done();
+ });
+ });
+ }
+});
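Review bot: `test.done()` runs immediately after `t.save(...)` is started, so, assuming `save` completes asynchronously, the test is reported finished before the save callback fires and an INSERT failure on the reserved `order` column would not fail it. Move completion into the callback: `t.save(connection, function(err) { test.ifError(err); test.done(); });`. The `assert` require is unused, and the test neither drops `TaxonomicClasses` nor closes the connection, so a second run against a persistent database may fail at CREATE TABLE.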