fix: 如果field包含 as 时不做转义处理
leizongmin committed Dec 18, 2018
1 parent 941af49 commit 15648d2
Showing 3 changed files with 65 additions and 24 deletions.
36 changes: 15 additions & 21 deletions src/lib/query.ts
Expand Up @@ -105,7 +105,7 @@ export class QueryBuilder<Q = DataRow, R = any> {
protected readonly _data: {
tableName?: string;
tableNameEscaped?: string;
fields: string;
fields: string[];
conditions: string[];
type: string;
update: string[];
Expand Down Expand Up @@ -139,7 +139,7 @@ export class QueryBuilder<Q = DataRow, R = any> {
*/
constructor() {
this._data = {
fields: "*",
fields: [],
conditions: [],
type: "",
update: [],
Expand Down Expand Up @@ -405,13 +405,8 @@ export class QueryBuilder<Q = DataRow, R = any> {
* @param fields 要查询的字段
*/
public fields(...fields: string[]): this {
assert.ok(!(this._data.fields && this._data.fields !== "*"), `cannot change fields after it has been set`);
this._data.fields = fields
.map(name => {
assert.ok(name && typeof name === "string", `field name must be a string`);
return name === "*" ? name : utils.sqlEscapeId(name);
})
.join(", ");
assert.ok(!(this._data.fields.length > 0), `cannot change fields after it has been set`);
this._data.fields = this._data.fields.concat(utils.formatFields("", fields));
return this;
}

Expand All @@ -422,7 +417,7 @@ export class QueryBuilder<Q = DataRow, R = any> {
public count(name: string): this {
assert.ok(this._data.type === "", `cannot change query type after it was set to "${this._data.type}"`);
this._data.type = "SELECT";
this._data.fields = "COUNT(*) AS " + utils.sqlEscapeId(name);
this._data.fields.push("COUNT(*) AS " + utils.sqlEscapeId(name));
return this;
}

Expand Down Expand Up @@ -739,15 +734,9 @@ export class QueryBuilder<Q = DataRow, R = any> {
if (data.mapTableToAlias[currentTableName]) {
const a = utils.sqlEscapeId(data.mapTableToAlias[currentTableName]);
join.push(`AS ${a}`);
data.fields = data.fields
.split(/\s*,\s*/g)
.map(n => `${a}.${n}`)
.join(", ");
data.fields = utils.formatFields(a, data.fields);
} else {
data.fields = data.fields
.split(/\s*,\s*/g)
.map(n => `${currentTableEscapedName}.${n}`)
.join(", ");
data.fields = utils.formatFields(currentTableEscapedName, data.fields);
}
// 创建连表
for (let i = 0; i < data.joinTables.length; i++) {
Expand All @@ -765,13 +754,18 @@ export class QueryBuilder<Q = DataRow, R = any> {
str += ` ON ${item.on}`;
}
if (item.fields) {
data.fields += ", " + item.fields.map(n => `${a}.${n === "*" ? "*" : utils.sqlEscapeId(n)}`).join(", ");
data.fields = data.fields.concat(utils.formatFields(a, item.fields));
}
join.push(str);
}
} else {
data.fields = utils.formatFields("", data.fields);
}
if (data.fields.length === 0) {
data.fields = ["*"];
}
const tail = utils.joinMultiString(...join, where, data.groupBy, data.orderBy, data.limit);
sql = `SELECT ${data.fields} FROM ${currentTableEscapedName} ${tail}`;
sql = `SELECT ${data.fields.join(", ")} FROM ${currentTableEscapedName} ${tail}`;
break;
}
case "INSERT": {
Expand Down Expand Up @@ -801,7 +795,7 @@ export class QueryBuilder<Q = DataRow, R = any> {
$table: this._data.tableNameEscaped,
$orderBy: this._data.orderBy,
$limit: this._data.limit,
$fields: this._data.fields,
$fields: this._data.fields.join(", "),
$skipRows: this._data.offsetRows,
$offsetRows: this._data.offsetRows,
$limitRows: this._data.limitRows,
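Review bot: The rewritten `fields()` no longer carries the per-name check `assert.ok(name && typeof name === "string", ...)`, so an empty or non-string argument now reaches `utils.formatFields` unvalidated. There a non-string fails inside `n.toLowerCase()` with a bare TypeError, and `""` is handed to `sqlEscapeId`, instead of the builder rejecting it with its own message. Keeping the guard ahead of the formatter would preserve the old contract: `fields.forEach(name => assert.ok(name && typeof name === "string", "field name must be a string"));`. Separately, `build()` runs `formatFields` a second time over `data.fields` that `fields()` already formatted, which appears to rely on escaped names starting with a backtick; a one-line comment at those call sites saying so would help the next reader.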
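--- a/src/lib/utils.ts
+++ b/src/lib/utils.ts
@@ -261,3 +261,18 @@ export function joinMultiString(...strs: string[]): string {
 export function deepCopy<T = any>(data: T): T {
 return JSON.parse(JSON.stringify(data));
 }
+
+/**
+* 格式化字段列表
+* @param table
+* @param fields
+*/
+export function formatFields(table: string, fields: string[]) {
+const prefix = table ? `${table}.` : "";
+return fields.map(n => {
+if (n === "*") return `${prefix}*`;
+if (n.toLowerCase().indexOf(" as ") !== -1) return n;
+if (n[0] === "`") return `${prefix}${n}`;
+return `${prefix}${sqlEscapeId(n)}`;
+});
+}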
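Review bot: The `" as "` branch of `formatFields` returns the entry verbatim, so any field string containing that substring skips `sqlEscapeId` and is concatenated into the SELECT list as raw SQL; the leading-backtick branch likewise treats one character as proof that the value was already escaped. Before this commit, as far as the page shows, every name other than `*` passed through `sqlEscapeId`, so callers that forward request-derived column names to `fields()` or to a join's field list lose that protection without any change on their side. The doc comment should state the trust boundary, for example `@param fields entries containing " as " or starting with a backtick are emitted as raw SQL and must never come from untrusted input`. An explicit opt-in for raw expressions would be safer than sniffing a substring, and an explicit `: string[]` return type would pin the contract.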
38 changes: 35 additions & 3 deletions src/test/query2.test.ts
Expand Up @@ -55,7 +55,7 @@ test("static method", function() {

test("leftJoin", function() {
{
const sql = Q.select()
const sql = Q.select("*")
.from("hello")
.as("A")
.leftJoin("world")
Expand All @@ -70,6 +70,22 @@ test("leftJoin", function() {
"SELECT `A`.*, `B`.* FROM `hello` AS `A` LEFT JOIN `world` AS `B` ON A.id=B.id WHERE 1 AND 2 LIMIT 2,3",
);
}
{
const sql = Q.select()
.from("hello")
.as("A")
.leftJoin("world")
.as("B")
.on("A.id=B.id")
.where("1")
.and("2")
.offset(2)
.limit(3)
.build();
expect(sql).to.equal(
"SELECT `B`.* FROM `hello` AS `A` LEFT JOIN `world` AS `B` ON A.id=B.id WHERE 1 AND 2 LIMIT 2,3",
);
}
{
const sql = Q.select("x", "y")
.from("hello")
Expand Down Expand Up @@ -104,7 +120,7 @@ test("leftJoin", function() {

test("rightJoin", function() {
{
const sql = Q.select()
const sql = Q.select("*")
.from("hello")
.as("A")
.rightJoin("world")
Expand Down Expand Up @@ -153,7 +169,7 @@ test("rightJoin", function() {

test("join", function() {
{
const sql = Q.select()
const sql = Q.select("*")
.from("hello")
.as("A")
.join("world")
Expand Down Expand Up @@ -217,4 +233,20 @@ test("join", function() {
"SELECT `A`.`x`, `A`.`y`, `B`.`z`, `C`.`k` FROM `hello` AS `A` LEFT JOIN `world` AS `B` ON A.id=B.id LEFT JOIN `world` AS `C` ON B.uid=C.id WHERE 1 AND 2 LIMIT 2,3",
);
}
{
const sql = Q.select("x", "y", "count(y) AS c1")
.from("hello")
.as("A")
.join("world", ["z", "count(z) as c2"])
.as("B")
.on("A.id=B.id")
.where("1")
.and("2")
.offset(2)
.limit(3)
.build();
expect(sql).to.equal(
"SELECT `A`.`x`, `A`.`y`, count(y) AS c1, `B`.`z`, count(z) as c2 FROM `hello` AS `A` JOIN `world` AS `B` ON A.id=B.id WHERE 1 AND 2 LIMIT 2,3",
);
}
});
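Review bot: A bare `Q.select()` on a joined query no longer returns the primary table's columns, and this caller-visible change is pinned only by the new leftJoin case, which expects just the `B` columns. The three existing cases apparently had to become `Q.select("*")` to keep their expected SQL (the +/- markers are lost on this page, so the direction is inferred). Equivalent bare-`select()` cases for `rightJoin` and `join` would show that the new default is intended everywhere, and the commit description should mention it. The alias passthrough is also only exercised on a join; a non-join case such as `Q.select("count(y) AS c1").from("hello").build()` would cover the `else` branch in `build()`.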
