hub / github.com/sequelize/sequelize / escape

Function escape

src/sql-string.js:22–160  ·  view source on GitHub ↗
(val, timeZone, dialect, format)

Source from the content-addressed store, hash-verified

20exports.arrayToList = arrayToList;
21
22function escape(val, timeZone, dialect, format) {
23 let prependN = false;
24 if (val === undefined || val === null) {
25 return 'NULL';
26 }
27 switch (typeof val) {
28 case 'boolean':
29 // SQLite doesn't have true/false support. MySQL aliases true/false to 1/0
30 // for us. Postgres actually has a boolean type with true/false literals,
31 // but sequelize doesn't use it yet.
32 if (['sqlite', 'mssql', 'oracle'].includes(dialect)) {
33 return +!!val;
34 }
35 return (!!val).toString();
36 case 'number':
37 case 'bigint':
38 return val.toString();
39 case 'string':
40 // In mssql, prepend N to all quoted vals which are originally a string (for
41 // unicode compatibility)
42 prependN = dialect === 'mssql';
43 break;
44 }
45
46 if (val instanceof Date) {
47 val = dataTypes[dialect].DATE.prototype.stringify(val, { timezone: timeZone });
48 }
49
50 if (Buffer.isBuffer(val)) {
51 if (dataTypes[dialect].BLOB) {
52 return dataTypes[dialect].BLOB.prototype.stringify(val);
53 }
54
55 return dataTypes.BLOB.prototype.stringify(val);
56 }
57
58 if (Array.isArray(val)) {
59 const partialEscape = escVal => escape(escVal, timeZone, dialect, format);
60 if (dialect === 'postgres' && !format) {
61 return dataTypes.ARRAY.prototype.stringify(val, { escape: partialEscape });
62 }
63 return arrayToList(val, timeZone, dialect, format);
64 }
65
66 if (!val.replace) {
67 throw new Error(`Invalid value ${logger.inspect(val)}`);
68 }
69
70 if (['postgres', 'sqlite', 'mssql', 'snowflake', 'db2'].includes(dialect)) {
71 // http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
72 // http://stackoverflow.com/q/603572/130598
73 val = val.replace(/'/g, "''");
74
75 if (dialect === 'postgres') {
76 // null character is not allowed in Postgres
77 val = val.replace(/\0/g, '\\0');
78 }
79 } else if (dialect === 'oracle' && typeof val === 'string') {

Callers 4

arrayToList (Function) · 0.85
partialEscape (Function) · 0.85
format (Function) · 0.85
formatNamedParameters (Function) · 0.85

Calls 5

arrayToList (Function) · 0.85
inspect (Method) · 0.80
format (Method) · 0.80
toString (Method) · 0.65
stringify (Method) · 0.65

Tested by

no test coverage detected