jens/flipper
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escape table names and keys

Browse Source 
Summary:
https://github.com/facebook/flipper/issues/1426

Changelog: [Databases] Fixed escaping of column names, see #1426

Reviewed By: jknoxville

Differential Revision: D23293248

fbshipit-source-id: 6acbb87727524ba2bdc7973cad8c124a3ee026e6
This commit is contained in:
Michel Weststrate
2020-08-24 08:06:56 -07:00
committed by Facebook GitHub Bot
parent 39a465b8b8
commit 0b528f19ce
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
desktop/plugins/databases/UpdateQueryUtil.tsx
View File

@@ -58,9 +58,9 @@ export function constructQueryClause(
? `'${val.value.replace(/'/g, "''")}'`
: `${val.value}`;
if (idx <= 0) {
return `${key}=${valueString}`;
return `\`${key}\`=${valueString}`;
} else {
return `${clauses} ${connector} ${key}=${valueString}`;
return `${clauses} ${connector} \`${key}\`=${valueString}`;
}
},
'',
@@ -72,7 +72,7 @@ export function constructUpdateQuery(
where: {[key: string]: Value},
change: {[key: string]: Value},
): string {
return `UPDATE ${table}
return `UPDATE \`${table}\`
SET ${constructQueryClause(change, ',')}
WHERE ${constructQueryClause(where, 'AND')}`;
}

18
desktop/plugins/databases/__test__/UpdateQueryUtil.node.tsx
View File

@@ -233,19 +233,19 @@ test('constructQueryClause with exactly one string value', () => {
{key1: {type: 'string', value: 'this is a string'}},
'connecter',
),
).toEqual(`key1='this is a string'`);
).toEqual(`\`key1\`='this is a string'`);
});
test('constructQueryClause with exactly one integer value', () => {
expect(
constructQueryClause({key1: {type: 'integer', value: 1337}}, 'connecter'),
).toEqual(`key1=1337`);
).toEqual(`\`key1\`=1337`);
});
test('constructQueryClause with exactly one null value', () => {
expect(
constructQueryClause({key1: {type: 'null', value: null}}, 'connecter'),
).toEqual(`key1=NULL`);
).toEqual(`\`key1\`=NULL`);
});
test("constructQueryClause with special character (single quote ('))", () => {
@@ -254,7 +254,7 @@ test("constructQueryClause with special character (single quote ('))", () => {
{key1: {type: 'string', value: "this is a 'single quote'"}},
'connecter',
),
).toEqual(`key1='this is a ''single quote'''`);
).toEqual(`\`key1\`='this is a ''single quote'''`);
});
test('constructQueryClause with multiple value', () => {
@@ -265,7 +265,7 @@ test('constructQueryClause with multiple value', () => {
};
expect(constructQueryClause(values, 'connector')).toEqual(
`key1='this is a string' connector key2=NULL connector key3=13.37`,
`\`key1\`='this is a string' connector \`key2\`=NULL connector \`key3\`=13.37`,
);
});
@@ -278,7 +278,7 @@ test('constructQueryClause with multiple value with single quotes mixed in strin
};
expect(constructQueryClause(values, 'connector')).toEqual(
`key1='this is ''a'' string' connector key2=NULL connector key3=13.37 connector key4='there are single quotes ''here'' and ''there'''`,
`\`key1\`='this is ''a'' string' connector \`key2\`=NULL connector \`key3\`=13.37 connector \`key4\`='there are single quotes ''here'' and ''there'''`,
);
});
@@ -292,9 +292,9 @@ test('constructUpdateQuery', () => {
key4: {type: 'number', value: 13371337},
};
expect(constructUpdateQuery('table_name', whereClause, setClause)).toEqual(
`UPDATE table_name
SET key1='this is a string' , key2=NULL , key3=13.37
WHERE key4=13371337`,
`UPDATE \`table_name\`
SET \`key1\`='this is a string' , \`key2\`=NULL , \`key3\`=13.37
WHERE \`key4\`=13371337`,
);
});