* Check if a LIMIT clause uses a parameter placeholder (not a literal number). * Strips comments and string literals first to avoid false positives.
(sql: string)
| 107 | * Strips comments and string literals first to avoid false positives. |
| 108 | */ |
static hasParameterizedLimit(sql: string): boolean {
  // Remove comments and string literals up front, so that the word LIMIT
  // appearing inside either of them cannot produce a match.
  const sanitized = stripCommentsAndStrings(sql);

  // Placeholder forms accepted directly after LIMIT (case-insensitive):
  //   $<digits>   numbered placeholder, e.g. $1
  //   ?           positional placeholder
  //   @p<digits>  numbered named placeholder, e.g. @p1
  // A literal number after LIMIT does not match. Neither do other placeholder
  // spellings (":name", "@name"), a parenthesised placeholder, or the
  // "LIMIT <offset>, <count>" form whose first operand is a literal.
  // NOTE(review): the caller is not visible here. If this result decides
  // whether a maxRows cap is applied, confirm that a LIMIT bound at execution
  // time is still capped and that unmatched placeholder forms fail safely.
  return /\blimit\s+(?:\$\d+|\?|@p\d+)/i.test(sanitized);
}
| 116 | |
| 117 | /** |
| 118 | * Apply maxRows limit to a SELECT query only |