Merge branch 'master' into master

Author: SeregPie

.eslintignore

@@ -0,0 +1,2 @@
+.nyc_output/
+coverage/

.eslintrc

@@ -5,8 +5,11 @@
   "rules": {
     "comma-dangle": [2, "never"],
     "consistent-return": 2,
-    "indent": ["error", 2, {"SwitchCase": 1}],
+    "eqeqeq": [2, "allow-null"],
+    "indent": [2, 2, { "VariableDeclarator": 2, "SwitchCase": 1 }],
     "key-spacing": [2, { "align": { "beforeColon": true, "afterColon": true, "on": "colon" } }],
+    "keyword-spacing": 2,
+    "new-parens": 2,
     "no-cond-assign": 2,
     "no-constant-condition": 2,
     "no-control-regex": 2,
@@ -23,6 +26,7 @@
     "no-inner-declarations": 2,
     "no-invalid-regexp": 2,
     "no-irregular-whitespace": 2,
+    "no-multiple-empty-lines": [2, { "max": 1 }],
     "no-negated-in-lhs": 2,
     "no-obj-calls": 2,
     "no-regex-spaces": 2,
@@ -31,7 +35,9 @@
     "no-unexpected-multiline": 2,
     "no-unreachable": 2,
     "no-unused-vars": 2,
+    "quotes": [2, "single", { "avoidEscape": true, "allowTemplateLiterals": true }],
     "semi": [2, "always"],
+    "semi-spacing": 2,
     "space-infix-ops": 2,
     "use-isnan": 2,
     "valid-jsdoc": 2,

.gitignore

@@ -2,3 +2,4 @@
 coverage
 node_modules
 npm-debug.log
+package-lock.json

.travis.yml

@@ -9,13 +9,17 @@ node_js:
   - "3.3"
   - "4.8"
   - "5.12"
-  - "6.10"
+  - "6.11"
   - "7.10"
+  - "8.4"
 sudo: false
+dist: precise
 cache:
   directories:
     - node_modules
 before_install:
+  # Skip updating shrinkwrap / lock
+  - "npm config set shrinkwrap false"
   # Setup Node.js version-specific dependencies
   - "test $TRAVIS_NODE_VERSION != '0.6' || npm rm --save-dev nyc"
   - "test $TRAVIS_NODE_VERSION != '0.8' || npm rm --save-dev nyc"

HISTORY.md

@@ -1,3 +1,8 @@
+unreleased
+==========
+
+  * Add `.toSqlString()` escape overriding
+
 2.2.0 / 2016-11-01
 ==================
 

README.md

@@ -70,6 +70,8 @@ Different value types are escaped differently, here is how:
 * Arrays are turned into list, e.g. `['a', 'b']` turns into `'a', 'b'`
 * Nested arrays are turned into grouped lists (for bulk inserts), e.g. `[['a',
   'b'], ['c', 'd']]` turns into `('a', 'b'), ('c', 'd')`
+* Objects that have a `toSqlString` method will have `.toSqlString()` called
+  and the returned value is used as the raw SQL.
 * Objects are turned into `key = 'val'` pairs for each enumerable property on
   the object. If the property's value is a function, it is skipped; if the
   property's value is an object, toString() is called on it and the returned
@@ -79,20 +81,27 @@ Different value types are escaped differently, here is how:
   to insert them as values will trigger MySQL errors until they implement
   support.
 
-If you paid attention, you may have noticed that this escaping allows you
-to do neat things like this:
+You may have noticed that this escaping allows you to do neat things like this:
 
 ```js
 var post  = {id: 1, title: 'Hello MySQL'};
 var sql = SqlString.format('INSERT INTO posts SET ?', post);
 console.log(sql); // INSERT INTO posts SET `id` = 1, `title` = 'Hello MySQL'
 ```
 
+And the `toSqlString` method allows you to form complex queries with functions:
+
+```js
+var CURRENT_TIMESTAMP = { toSqlString: function() { return 'CURRENT_TIMESTAMP()'; } };
+var sql = SqlString.format('UPDATE posts SET modified = ? WHERE id = ?', [CURRENT_TIMESTAMP, 42]);
+console.log(sql); // UPDATE posts SET modified = CURRENT_TIMESTAMP() WHERE id = 42
+```
+
 If you feel the need to escape queries by yourself, you can also use the escaping
 function directly:
 
 ```js
-var sql = 'SELECT * FROM posts WHERE title=' + SqlString.escape("Hello MySQL");
+var sql = 'SELECT * FROM posts WHERE title=' + SqlString.escape('Hello MySQL');
 console.log(sql); // SELECT * FROM posts WHERE title='Hello MySQL'
 ```
 

lib/SqlString.js

@@ -51,6 +51,8 @@ SqlString.escape = function escape(val, stringifyObjects, timeZone) {
         return SqlString.arrayToList(val, timeZone);
       } else if (Buffer.isBuffer(val)) {
         return SqlString.bufferToString(val);
+      } else if (typeof val.toSqlString === 'function') {
+        return String(val.toSqlString());
       } else if (stringifyObjects) {
         return escapeString(val.toString());
       } else {
@@ -97,8 +99,8 @@ SqlString.format = function format(sql, values, stringifyObjects, timeZone) {
 
   while (valuesIndex < values.length && (match = placeholdersRegex.exec(sql))) {
     var value = match[0] === '??'
-        ? SqlString.escapeId(values[valuesIndex])
-        : SqlString.escape(values[valuesIndex], stringifyObjects, timeZone);
+      ? SqlString.escapeId(values[valuesIndex])
+      : SqlString.escape(values[valuesIndex], stringifyObjects, timeZone);
 
     result += sql.slice(chunkIndex, match.index) + value;
     chunkIndex = placeholdersRegex.lastIndex;
@@ -165,7 +167,7 @@ SqlString.dateToString = function dateToString(date, timeZone) {
 };
 
 SqlString.bufferToString = function bufferToString(buffer) {
-  return "X" + escapeString(buffer.toString('hex'));
+  return 'X' + escapeString(buffer.toString('hex'));
 };
 
 SqlString.objectToValues = function objectToValues(object, timeZone) {
@@ -222,7 +224,7 @@ function convertTimezone(tz) {
 
   var m = tz.match(/([\+\-\s])(\d\d):?(\d\d)?/);
   if (m) {
-    return (m[1] == '-' ? -1 : 1) * (parseInt(m[2], 10) + ((m[3] ? parseInt(m[3], 10) : 0) / 60)) * 60;
+    return (m[1] === '-' ? -1 : 1) * (parseInt(m[2], 10) + ((m[3] ? parseInt(m[3], 10) : 0) / 60)) * 60;
   }
   return false;
 }

package.json

@@ -6,6 +6,7 @@
     "Adri Van Houdt <[email protected]>",
     "Douglas Christopher Wilson <[email protected]>",
     "fengmk2 <[email protected]> (http://fengmk2.github.com)",
+    "Kevin Jose Martin <[email protected]>",
     "Nathan Woltman <[email protected]>"
   ],
   "license": "MIT",
@@ -17,7 +18,7 @@
   ],
   "repository": "mysqljs/sqlstring",
   "devDependencies": {
-    "eslint": "3.19.0",
+    "eslint": "4.4.1",
     "eslint-plugin-markdown": "1.0.0-beta.6",
     "nyc": "10.3.2",
     "urun": "0.0.8",

test/unit/test-SqlString.js

@@ -4,35 +4,47 @@ var test      = require('utest');
 
 test('SqlString.escapeId', {
   'value is quoted': function() {
-    assert.equal('`id`', SqlString.escapeId('id'));
+    assert.equal(SqlString.escapeId('id'), '`id`');
   },
 
   'value can be a number': function() {
-    assert.equal('`42`', SqlString.escapeId(42));
+    assert.equal(SqlString.escapeId(42), '`42`');
+  },
+
+  'value can be an object': function() {
+    assert.equal(SqlString.escapeId({}), '`[object Object]`');
+  },
+
+  'value toString is called': function() {
+    assert.equal(SqlString.escapeId({ toString: function() { return 'foo'; } }), '`foo`');
+  },
+
+  'value toString is quoted': function() {
+    assert.equal(SqlString.escapeId({ toString: function() { return 'f`oo'; } }), '`f``oo`');
   },
 
   'value containing escapes is quoted': function() {
-    assert.equal('`i``d`', SqlString.escapeId('i`d'));
+    assert.equal(SqlString.escapeId('i`d'), '`i``d`');
   },
 
   'value containing separator is quoted': function() {
-    assert.equal('`id1`.`id2`', SqlString.escapeId('id1.id2'));
+    assert.equal(SqlString.escapeId('id1.id2'), '`id1`.`id2`');
   },
 
   'value containing separator and escapes is quoted': function() {
-    assert.equal('`id``1`.`i``d2`', SqlString.escapeId('id`1.i`d2'));
+    assert.equal(SqlString.escapeId('id`1.i`d2'), '`id``1`.`i``d2`');
   },
 
   'value containing separator is fully escaped when forbidQualified': function() {
-    assert.equal('`id1.id2`', SqlString.escapeId('id1.id2', true));
+    assert.equal(SqlString.escapeId('id1.id2', true), '`id1.id2`');
   },
 
   'arrays are turned into lists': function() {
-    assert.equal(SqlString.escapeId(['a', 'b', 't.c']), "`a`, `b`, `t`.`c`");
+    assert.equal(SqlString.escapeId(['a', 'b', 't.c']), '`a`, `b`, `t`.`c`');
   },
 
   'nested arrays are flattened': function() {
-    assert.equal(SqlString.escapeId(['a', ['b', ['t.c']]]), "`a`, `b`, `t`.`c`");
+    assert.equal(SqlString.escapeId(['a', ['b', ['t.c']]]), '`a`, `b`, `t`.`c`');
   },
 
   'instances of Escaped are not quoted': function() {
@@ -66,10 +78,30 @@ test('SqlString.escape', {
     assert.equal(SqlString.escape({a: 'b', c: function() {}}), "`a` = 'b'");
   },
 
+  'object values toSqlString is called': function() {
+    assert.equal(SqlString.escape({id: { toSqlString: function() { return 'LAST_INSERT_ID()'; } }}), '`id` = LAST_INSERT_ID()');
+  },
+
+  'objects toSqlString is called': function() {
+    assert.equal(SqlString.escape({ toSqlString: function() { return '@foo_id'; } }), '@foo_id');
+  },
+
+  'objects toSqlString is not quoted': function() {
+    assert.equal(SqlString.escape({ toSqlString: function() { return 'CURRENT_TIMESTAMP()'; } }), 'CURRENT_TIMESTAMP()');
+  },
+
   'nested objects are cast to strings': function() {
     assert.equal(SqlString.escape({a: {nested: true}}), "`a` = '[object Object]'");
   },
 
+  'nested objects use toString': function() {
+    assert.equal(SqlString.escape({a: { toString: function() { return 'foo'; } }}), "`a` = 'foo'");
+  },
+
+  'nested objects use toString is quoted': function() {
+    assert.equal(SqlString.escape({a: { toString: function() { return "f'oo"; } }}), "`a` = 'f\\'oo'");
+  },
+
   'arrays are turned into lists': function() {
     assert.equal(SqlString.escape([1, 2, 'c']), "1, 2, 'c'");
   },
@@ -82,6 +114,10 @@ test('SqlString.escape', {
     assert.equal(SqlString.escape([1, {nested: true}, 2]), "1, '[object Object]', 2");
   },
 
+  'nested objects inside arrays use toString': function() {
+    assert.equal(SqlString.escape([1, { toString: function() { return 'foo'; } }, 2]), "1, 'foo', 2");
+  },
+
   'strings are quoted': function() {
     assert.equal(SqlString.escape('Super'), "'Super'");
   },
@@ -256,6 +292,9 @@ test('SqlString.format', {
 
     var sql = SqlString.format('?', { toString: function () { return 'hello'; } }, true);
     assert.equal(sql, "'hello'");
+
+    var sql = SqlString.format('?', { toSqlString: function () { return '@foo'; } }, true);
+    assert.equal(sql, '@foo');
   },
 
   'sql is untouched if no values are provided': function () {
@@ -267,4 +306,4 @@ test('SqlString.format', {
     var sql = SqlString.format('SELECT COUNT(*) FROM table', ['a', 'b']);
     assert.equal(sql, 'SELECT COUNT(*) FROM table');
   }
-});
+});