MCPcopy
hub / github.com/sequelize/sequelize / escape

Function escape

lib/sql-string.js:21–93  ·  lib/sql-string.js::escape
(val, timeZone, dialect, format)

Source from the content-addressed store, hash-verified

19exports.arrayToList = arrayToList;
20
21function escape(val, timeZone, dialect, format) {
22 let prependN = false;
23 if (val === undefined || val === null) {
24 return class="st">'NULL';
25 }
26 switch (typeof val) {
27 case class="st">'boolean':
28 class="cm">// SQLite doesn't have true/false support. MySQL aliases true/false to 1/0
29 class="cm">// for us. Postgres actually has a boolean type with true/false literals,
30 class="cm">// but sequelize doesn't use it yet.
31 if ([class="st">'sqlite', class="st">'mssql'].includes(dialect)) {
32 return +!!val;
33 }
34 return (!!val).toString();
35 case class="st">'number':
36 return val.toString();
37 case class="st">'string':
38 class="cm">// In mssql, prepend N to all quoted vals which are originally a string (for
39 class="cm">// unicode compatibility)
40 prependN = dialect === class="st">'mssql';
41 break;
42 }
43
44 if (val instanceof Date) {
45 val = dataTypes[dialect].DATE.prototype.stringify(val, { timezone: timeZone });
46 }
47
48 if (Buffer.isBuffer(val)) {
49 if (dataTypes[dialect].BLOB) {
50 return dataTypes[dialect].BLOB.prototype.stringify(val);
51 }
52
53 return dataTypes.BLOB.prototype.stringify(val);
54 }
55
56 if (Array.isArray(val)) {
57 const partialEscape = escVal => escape(escVal, timeZone, dialect, format);
58 if (dialect === class="st">'postgres' && !format) {
59 return dataTypes.ARRAY.prototype.stringify(val, { escape: partialEscape });
60 }
61 return arrayToList(val, timeZone, dialect, format);
62 }
63
64 if (!val.replace) {
65 throw new Error(`Invalid value ${logger.inspect(val)}`);
66 }
67
68 if ([class="st">'postgres', class="st">'sqlite', class="st">'mssql', class="st">'snowflake', class="st">'db2'].includes(dialect)) {
69 class="cm">// http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS
70 class="cm">// http://stackoverflow.com/q/603572/130598
71 val = val.replace(/class="st">'/g, "''");
72
73 if (dialect === class="st">'postgres') {
74 class="cm">// null character is not allowed in Postgres
75 val = val.replace(/\0/g, class="st">'\\0');
76 }
77 } else {
78

Callers 4

arrayToListFunction · 0.85
partialEscapeFunction · 0.85
formatFunction · 0.85
formatNamedParametersFunction · 0.85

Calls 4

arrayToListFunction · 0.85
inspectMethod · 0.80
toStringMethod · 0.65
stringifyMethod · 0.65

Tested by

no test coverage detected