Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Column escaping is broken when using MySQL version 8.0.21 #57

Open
dovidgef opened this issue Feb 2, 2021 · 3 comments
Open

Column escaping is broken when using MySQL version 8.0.21 #57

dovidgef opened this issue Feb 2, 2021 · 3 comments
Labels
enhancement

Comments

@dovidgef
Copy link

dovidgef commented Feb 2, 2021

It appears that the issue I posted in the mysql2 repo really points to an issue related to code within this library.

mysql2 Issue #1283

Would it make sense to update the escapeId method to skip quoting columns named * perhaps?
Or at least add a flag that would optionally tell escapeId to skip quoting *?
@dougwilson
Copy link
Member

Hi @dovidgef that is interesting. Not escaping * wouldn't make sense, as it seems like that could legitimately be an actual column name, so skipping it would make there be no way to actually select a column with that name.

You can always provide raw SQL to any ? or ?? sequence in this module using SqlString.raw(). You can find more information in the README under the various sections.

@dougwilson
Copy link
Member

dougwilson commented Feb 2, 2021
edited
Loading

Sorry, I know I said ?? above, but no, the raw SQL does not actually work with ??, only ?. This is because the ?? sequence does not perform any type coercion and instead only accepts strings. I think this can be improved to add support for raw input, which would address your use case. Sorry for that first response!

Basically, we can add the above and then the following would work as expected:

SqlString.format('SELECT ?? FROM ??', [[SqlString.raw('*')], 'testTable']) // => SELECT * FROM `testTable`

(you can always declare const SQL_WILDCARD_COL = SqlString.raw('*') to make queries more readable as well)

@dougwilson dougwilson reopened this Feb 2, 2021
@dovidgef dovidgef mentioned this issue Feb 3, 2021
Open
@dovidgef
Copy link
Author

dovidgef commented Feb 3, 2021

I went ahead and created a PR to add this feature.

dougwilson pushed a commit to dovidgef/sqlstring that referenced this issue Mar 7, 2022
@dovidgef @dougwilson
Add .toSqlString() escapeId overriding
3ce9704 
closes mysqljs#57
closes mysqljs#58
dougwilson pushed a commit to dovidgef/sqlstring that referenced this issue Mar 7, 2022
@dovidgef @dougwilson
Add .toSqlString() escapeId overriding
2ccc17a 
closes mysqljs#57
closes mysqljs#58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dougwilson @dovidgef