possibility to ignore values in escape and escapeId #21
Conversation
SeregPie
changed the title
|
I think Your example. var CURRENT_TIMESTAMP = { toSqlString: function() { return 'CURRENT_TIMESTAMP()'; } };
var sql = SqlString.format('UPDATE posts SET modified = ? WHERE id = ?', [CURRENT_TIMESTAMP, 42]);Could be just like this. var sql = SqlString.format('UPDATE posts SET modified = ? WHERE id = ?', [SqlString.escaped('CURRENT_TIMESTAMP()'), 42]);And you can still use objects if you want, by using the standard var CURRENT_TIMESTAMP = { toString: function() { return 'CURRENT_TIMESTAMP()'; } };
var sql = SqlString.format('UPDATE posts SET modified = ? WHERE id = ?', [SqlString.escaped(CURRENT_TIMESTAMP), 42]); |
|
Why open a new PR without commenting that in the other PR first? At least right now, I can't merge this due tobmerge conflicts. Can you resolve them? |
|
resolved |
There was a problem hiding this comment.
Please implement it in terms of the nee toSqlString and not using instanceof checks. The instanceof checks will not work if a dependency tree happens to have two copies of this module and the user makes the escaped objects from one and the other reads them, ending up with still being escaped.
|
Hi @SeregPie I see you closed this PR. I'm going to land this tonight to get a new version, in which the implementation would be basically what you write here, except with the function Escaped(val) {
this.toSqlString = function toSqlString() {
return String(val);
};
}Not sure why the closure instead of changing it, and I can commit this under you as the author, but don't want to do that unless you are OK with it. Probably if I don't hear anything in the next 10 hours or so, I'll just commit myself, otherwise let me know if you want to be the author. |
|
Sorry. Yes, you can commit it this way. Thank you. |
Hello.
Nearly a year ago I created an issue.
mysqljs/mysql#1542
Now I take the task in my hand.
=)