if(!name || !value){
return this;
}
mode = mode || ''; //默认用户自己传 % 或 _ 符号
not = not ? ' NOT' : '';
type = type || 'AND';
value += '';
if(!mode){
// 自定义模式 不转义
value = value.replace(/\"/g,'\\\"');
}else{
value = mysql.escape(value);
}
if(mode=='right'){
value = '%'+value;
}else if(mode=='left'){
value = value+'%';
}else if(mode=='both'){
value = '%'+value+'%';
}else{
value = value; //默认全匹配
}
var where = name+not+' LIKE "'+value+'"';//"{$key} {$not} LIKE '{$value}'";
this.where(where,null,null,type);
/**
 * Express handler: persist one designer-tree item through the
 * `sp_designerTreeItem_write` stored procedure.
 *
 * Every request-body field is passed through mysql.escape before being
 * spliced into the CALL text, so the statement string itself is not
 * injectable. The field order below must match the procedure's parameter
 * list exactly.
 *
 * NOTE(review): nothing here checks that the caller may write the given
 * designerTreeId/businessId, nor that numeric fields are numeric — escaping
 * only prevents SQL injection. Presumably sp_exec or upstream middleware
 * handles authorization; confirm.
 *
 * @param {object} req  Express request; fields are read from req.body
 * @param {object} res  Express response, forwarded to sp_exec
 * @param {Function} next  Express error continuation, forwarded to sp_exec
 * @returns whatever _controllerBase.sp_exec returns
 */
function write(req, res, next) {
  var fields = [
    'designerTreeId', 'businessId', 'idx', 'fill', 'radius', 'cx', 'cy',
    'selected', 'min_height', 'height', 'width', 'is_primary', 'message_text'
  ];
  // mysql.escape quotes strings and renders undefined/null as NULL.
  var escaped = fields.map(function (field) {
    return mysql.escape(req.body[field]);
  });
  var sp_script = sprintf('CALL %s( %s );', 'sp_designerTreeItem_write', escaped.join(', '));
  return _controllerBase.sp_exec(req, res, next, vm, sp_script);
}
params.table.values.map(value => mysql.escape(value)),
')'
/**
 * Add a `field <= value` predicate to the query being built.
 *
 * The comparison value is run through mysql.escape, so user-supplied
 * values cannot break out of the clause. `this.field` is concatenated raw:
 * it is presumably a developer-chosen column name set earlier by the
 * builder, not request input — verify, because an attacker-controlled
 * field name would not be protected by this method.
 *
 * Side effects: sets this.opperator, this.filtVal and this.sql, and pushes
 * the rendered clause onto this.__wizz.filters.
 *
 * @param {*} arg  value to compare against
 * @returns {*} this.__modQ, the owning query object, for chaining
 */
Filter.prototype.lessThanEquals = function (arg) {
  this.opperator = " <= ";
  this.filtVal = arg;
  var escapedValue = mysql.escape(this.filtVal);
  var clause = " " + this.field + " " + this.opperator + " " + escapedValue + " ";
  this.sql = clause;
  this.__wizz.filters.push(clause);
  return this.__modQ;
};
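/**
 * Escape every own enumerable property value of `object` in place with
 * mysql.escape and return the same object.
 *
 * Fix: the original used `for...in`, which also walks inherited enumerable
 * properties and copied them onto the object as escaped own properties.
 * Only own keys are touched now. null/undefined pass through untouched
 * (the original's loop was a no-op for them as well).
 *
 * Caller notes: the object is mutated, not copied, and mysql.escape adds
 * the surrounding quotes — do not escape the values a second time when
 * building the query.
 *
 * @param {object} object  map of column -> raw value; mutated
 * @returns {object} the same object, values replaced by escaped SQL literals
 */
var objescape = function objescape(object) {
  if (object === null || object === undefined) {
    return object;
  }
  Object.keys(object).forEach(function (key) {
    object[key] = mysql.escape(object[key]);
  });
  return object;
};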
/**
 * Insert one row into `services` and report the outcome through `callback`.
 *
 * All three values go through mysql.escape before concatenation, so the
 * statement is not injectable. No type validation is done here (e.g. that
 * `port` is an integer); MySQL's own coercion rules apply.
 *
 * The callback receives `{ message, result }` where result is "SUCCESS"
 * (message = driver result object) or "ERROR" (message = the raw driver
 * error). NOTE(review): if a caller forwards that error object to an HTTP
 * client it will leak schema/statement details — confirm at the call site.
 * The connection is released in both cases before the callback fires.
 *
 * @param {string} serviceName
 * @param {number|string} port
 * @param {string} protocol
 * @param {Function} callback  called once with the response object
 */
db_utils.prototype.registerService = function (serviceName, port, protocol, callback) {
  var connection = conn();
  var insertSql = "INSERT INTO services (name, port, protocol) VALUES (" +
    mysql.escape(serviceName) + " , " + mysql.escape(port) + " , " + mysql.escape(protocol) + ")";
  connection.query(insertSql, function (err, result) {
    var failed = err != null;
    var response = {
      message: failed ? err : result,
      result: failed ? "ERROR" : "SUCCESS"
    };
    disconn(connection);
    callback(response);
  });
};
db_utils.prototype.deleteDriver = function (driver, callback) {
var connection = conn();
var response = {
message: '',
result: ''
};
if (isNaN(driver))
var query = "DELETE FROM drivers WHERE name=" + mysql.escape(driver);
else
var query = "DELETE FROM drivers WHERE id=" + mysql.escape(driver);
connection.query(query, function (err, result) {
if (err != null) {
response.message = err;
response.result = "ERROR";
logger.error("deleteDriver: " + response.message);
disconn(connection);
callback(response);
} else {
response.message = result;
response.result = "SUCCESS";
disconn(connection);
callback(response);
/**
 * Express handler: persist one designer-tree item connection through the
 * `sp_designerTreeItemConnection_write` stored procedure.
 *
 * Every request-body field is passed through mysql.escape before being
 * spliced into the CALL text, so the statement string itself is not
 * injectable. The field order below must match the procedure's parameter
 * list exactly.
 *
 * NOTE(review): nothing here checks that the caller may write the given
 * designerTreeId/businessId, nor that coordinate fields are numeric —
 * escaping only prevents SQL injection. Presumably sp_exec or upstream
 * middleware handles authorization; confirm.
 *
 * @param {object} req  Express request; fields are read from req.body
 * @param {object} res  Express response, forwarded to sp_exec
 * @param {Function} next  Express error continuation, forwarded to sp_exec
 * @returns whatever _controllerBase.sp_exec returns
 */
function write(req, res, next) {
  var fields = [
    'designerTreeId', 'businessId', 'idx', 'src_terminal_idx', 'dst_terminal_idx',
    'selected', 'src_cx', 'src_cy', 'src_ct', 'dst_cx', 'dst_cy', 'dst_ct', 'path'
  ];
  // mysql.escape quotes strings and renders undefined/null as NULL.
  var escaped = fields.map(function (field) {
    return mysql.escape(req.body[field]);
  });
  var sp_script = sprintf('CALL %s( %s );', 'sp_designerTreeItemConnection_write', escaped.join(', '));
  return _controllerBase.sp_exec(req, res, next, vm, sp_script);
}
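/**
 * Render a JS value as a SQL fragment for string-built queries.
 *
 *   number  -> the number itself, unquoted
 *   string  -> mysql.escape(value) — the escape adds the surrounding quotes
 *   array   -> comma-separated list of the formatted elements
 *   Date    -> mysql.escape(value)
 *   object  -> comma-separated `identifier=value` pairs, keys via escapeId
 *   other (null, undefined, boolean, ...) -> mysql.escape(value)
 *
 * Fix: the original returned undefined for null/undefined/boolean/Date,
 * which joined into an empty list element or a dangling `key=` in object
 * pairs — a broken query instead of NULL/true/false. Those now go through
 * mysql.escape, which renders them as SQL literals. Arrays and objects are
 * walked via map/Object.keys rather than `for...in`, so inherited
 * enumerable properties are no longer emitted.
 *
 * Only the value side is escaped here; the caller is responsible for the
 * surrounding statement text.
 *
 * @param {*} stuff  value to format
 * @returns {number|string} SQL fragment
 */
function formatValue(stuff) {
  if (typeof stuff === 'number') {
    return stuff;
  }
  if (typeof stuff === 'string') {
    return mysql.escape(stuff); // already quoted by mysql.escape
  }
  if (Array.isArray(stuff)) {
    return stuff.map(formatValue).join(',');
  }
  if (stuff instanceof Date) {
    // Let the driver format dates; iterating a Date's keys yields nothing.
    return mysql.escape(stuff);
  }
  if (stuff !== null && typeof stuff === 'object') {
    return Object.keys(stuff).map(function (key) {
      return escapeId(key) + '=' + formatValue(stuff[key]);
    }).join(',');
  }
  // null, undefined, booleans and anything else: NULL / true / false etc.
  return mysql.escape(stuff);
}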
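// Registration flow: `sql` (set above) checks whether `username` exists; if
// it does not, the new user row is inserted. All values are run through
// mysql.escape, so the INSERT text is not injectable. `role` is fixed
// server-side to "customer" and never taken from the request.
//
// Fix: both error branches now `return` after next(err). Previously the
// outer branch fell through to the existence check with `result` undefined,
// which ran the INSERT on an already-released connection and then sent a
// second response after next() had handled the error; the inner branch
// likewise went on to res.json after next(err).
//
// NOTE(review): `password` is inserted exactly as received here. Unless it
// is hashed before this point it is stored in plaintext — confirm in the
// surrounding handler.
conn.query(sql, function (err, result) {
  if (err) {
    utility.logMsg(err);
    conn.release();
    return next(err);
  }
  if (typeof result !== 'undefined' && result.length > 0) {
    // Username already taken.
    conn.release();
    utility.logMsg("[Fail] '/registerUser' with username " + username);
    res.json(failureRes);
  } else {
    sql = "INSERT INTO `users` (`fname`, `lname`, `address`, `city`, `state`, `zip`, `email`, `username`, `password`, `role`) VALUES (" +
      mysql.escape(fname) + ", " + mysql.escape(lname) + ", " + mysql.escape(address) + ", " + mysql.escape(city) + ", " +
      mysql.escape(state) + ", " + mysql.escape(zip) + ", " + mysql.escape(email) + ", " + mysql.escape(username) + ", " +
      mysql.escape(password) + ", " + mysql.escape("customer") + ")";
    conn.query(sql, function (err, result) {
      conn.release();
      if (err) {
        utility.logMsg(err);
        return next(err);
      }
      var successMessage = fname + " was registered successfully";
      utility.logMsg("[Success] '/registerUser' with username " + username);
      res.json({
        message: successMessage
      });
    });
  }
});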