fixes apostrophe issue on mssql dialect (#4077)

Co-authored-by: Jamie Peabody <jpeabody@axway.com>
knex · Oct 24, 2020 · 8faaf9c · 8faaf9c
1 parent 162cf2e
commit 8faaf9c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/lib/dialects/mssql/index.js b/lib/dialects/mssql/index.js
@@ -212,7 +212,7 @@ Object.assign(Client_MSSQL.prototype, {
       return '*';
     }
 
-    return `[${value.replace(/[[\]']+/g, '')}]`;
+    return `[${value.replace(/[[\]]+/g, '')}]`;
   },
 
   // Get a raw connection, called by the `pool` whenever a new

diff --git a/test/unit/dialects/mssql.js b/test/unit/dialects/mssql.js
@@ -30,4 +30,13 @@ describe('MSSQL unit tests', () => {
       'select * from [projects] where [id" = 1 UNION SELECT 1, @@version -- --] = ?'
     );
   });
+
+  it("should escape statements with ' correctly", async () => {
+    const sql = knexInstance('projects')
+      .where("id]' = 1 UNION SELECT 1, @@version -- --", 1)
+      .toSQL();
+    expect(sql.sql).to.equal(
+      "select * from [projects] where [id' = 1 UNION SELECT 1, @@version -- --] = ?"
+    );
+  });
 });