return _.map(v, function(v, k) {
// the table name for the key and the escaped identifier
return mysql.escapeId(tables[k]) + '.' + mysql.escapeId(v);
}).join(' = ');
}).join(' AND ');
// Upsert one row into `<dbName>.stacks`. `pool`, `k_v`, `dbName` and
// `callback` belong to the enclosing function, which is outside this excerpt.
pool.getConnection(function(err, connection) {
  if (err) {
    console.log('Error connecting to database');
    return callback(err);
  }
  // ON DUPLICATE KEY UPDATE clause: one `col`=VALUES(`col`) term per key of
  // k_v. Keys are identifiers, not values, so they go through escapeId; like
  // the original for...in, every enumerable key (own or inherited) is used.
  var assignments = [];
  for (var col in k_v) {
    var ident = mysql.escapeId(col);
    assignments.push(ident + '=VALUES(' + ident + ')');
  }
  var update = assignments.join(', ');
  // escapeId treats '.' as a qualifier separator (`db`.`stacks`), so dbName is
  // expected to be a plain schema name without dots.
  var q = 'INSERT INTO ' + mysql.escapeId(dbName + '.stacks') +
    ' (`Name`, `Region`, `Ready`, `Template`, `Parts`, `Variables`) VALUES(?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE ' +
    update + ';';
  // Column values are bound through `?` placeholders rather than concatenated;
  // the three JSON columns are serialised first.
  var params = [
    k_v.Name,
    k_v.Region,
    k_v.Ready || false,
    JSON.stringify(k_v.Template),
    JSON.stringify(k_v.Parts),
    JSON.stringify(k_v.Variables)
  ];
  connection.query(q, params, function(err, result) {
    connection.release();
    if (err) {
      console.log('Error adding stack');
      return callback(err);
    }
    return callback(null, result);
  });
});
}
// Insert-or-update one stacks row. `pool`, `k_v`, `dbName` and `callback`
// come from the enclosing function, which is outside this excerpt.
pool.getConnection(function(err, connection) {
  if (err) {
    console.log('Error connecting to database');
    return callback(err);
  }
  // Collect the keys with for...in (own and inherited enumerable properties,
  // exactly as before) and render each as `col`=VALUES(`col`).
  var keys = [];
  for (var col in k_v) {
    keys.push(col);
  }
  var update = keys.map(function(name) {
    var ident = mysql.escapeId(name);
    return ident + '=VALUES(' + ident + ')';
  }).join(', ');
  // escapeId splits on '.' into `db`.`stacks`; dbName must not itself
  // contain a dot.
  var q = 'INSERT INTO ' + mysql.escapeId(dbName + '.stacks') +
    ' (`Name`, `Region`, `Ready`, `Template`, `Parts`, `Variables`) VALUES(?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE ' +
    update + ';';
  // Values travel as bound parameters; Template/Parts/Variables are stored as
  // JSON text.
  var values = [
    k_v.Name,
    k_v.Region,
    k_v.Ready || false,
    JSON.stringify(k_v.Template),
    JSON.stringify(k_v.Parts),
    JSON.stringify(k_v.Variables)
  ];
  connection.query(q, values, function(queryErr, result) {
    connection.release();
    if (queryErr) {
      console.log('Error adding stack');
      return callback(queryErr);
    }
    return callback(null, result);
  });
});
}
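// Append the WHERE clause described by `filters` to `query`. Both names belong
// to the enclosing function, which is outside this excerpt.
//
// Each filter names a column (`by`, escaped as an identifier) and a predicate
// fragment: `if` joins with OR, `onlyIf` joins with AND.
// NOTE(review): the predicate text (`filter.if` / `filter.onlyIf`) is spliced
// into the SQL verbatim — only the column name is escaped — so it must be a
// program literal, never request input. A filter carrying both `if` and
// `onlyIf` emits 'OR' and 'AND' back to back; presumably the two are meant to
// be exclusive — confirm with the callers.
//
// forEach replaces map: the callback only mutates `query` and its return value
// was discarded, so building an array was wasted work.
filters.forEach((filter, index) => {
  if (index === 0) {
    query = [
      query,
      'WHERE',
      mysql.escapeId(filter.by),
      (filter.if || filter.onlyIf).trim(),
    ].join(' ');
  } else {
    // A falsy `if`/`onlyIf` leaves `undefined` in the array, which join()
    // renders as '' (hence the occasional double space in the output).
    query = [
      query,
      filter.if && 'OR',
      filter.onlyIf && 'AND',
      mysql.escapeId(filter.by),
      (filter.if || filter.onlyIf).trim(),
    ].join(' ');
  }
});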
}
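// Render `tuples` ({ column: value }) as `col`=value pairs joined by
// `seperator` into `sql`. `basic`, `tuples`, `seperator` and `sql` belong to
// the enclosing scope, which is outside this excerpt.
var escapedTuples = basic.keys(tuples).map(function(key) {
  // Column names are identifiers -> escapeId. Values go through mysql.escape
  // for every type, not only strings: numbers and booleans render exactly as
  // the previous raw concatenation did, while arrays, objects, undefined and
  // Dates — which used to be appended via toString() as unquoted text — are
  // now escaped like every other value.
  return mysql.escapeId(key) + '=' + mysql.escape(tuples[key]);
});
sql = escapedTuples.join(seperator);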
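/**
 * Build a SELECT statement for `table`.
 *
 * @param {string} table - table name; passed through mysql.escapeId.
 * @param {string[]} [columns] - column list joined verbatim with ','. When
 *   omitted or not an array the statement selects `*`; previously that case
 *   produced `SELECT  FROM ...`, which is not valid SQL.
 * @param {Object} [where] - equality filters rendered by
 *   convertObjectToSQLStringKV (defined elsewhere in this file).
 * @param {*} condition - trailing clause rendered by conditionToSQLString
 *   (defined elsewhere in this file).
 * @returns {string} the SQL text.
 *
 * NOTE(review): entries of `columns` are not escaped — only the table name
 * is — so they must be trusted program literals, never request input. They
 * are left as-is here because escapeId would also mangle any expression a
 * caller may be passing in the list; confirm what callers supply.
 */
function makeSQLSelect(table, columns, where, condition) {
  const col = Array.isArray(columns) ? columns.join(',') : '*';
  let sql = 'SELECT ' + col + ' FROM ' + mysql.escapeId(table) + ' WHERE 1=1 ';
  if (where) {
    sql += ' AND ' + convertObjectToSQLStringKV(where, '=', 'and');
  }
  sql += conditionToSQLString(condition);
  return sql;
}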
/**
 * Escape `value` for embedding between a pair of `delimiter` characters that
 * the caller adds itself: a backtick delimiter yields an identifier body
 * (mysql.escapeId minus its outer backticks), anything else a string-literal
 * body (mysql.escape minus its outer single quotes).
 *
 * NOTE(review): the result is only safe when the caller re-wraps it in the
 * same kind of delimiter it was escaped for; it is not usable bare.
 *
 * @param {*} value - coerced with String() before escaping.
 * @param {string} delimiter - '`' selects the identifier path; any other
 *   value selects the string-literal path.
 * @returns {string} the escaped text without its surrounding delimiters.
 */
function escapeDelimitedValue (value, delimiter) {
  const text = String(value)
  if (delimiter === '`') {
    // Strip only the outermost backticks; interior ones stay doubled.
    return mysql.escapeId(text).replace(/^`|`$/g, '')
  }
  // mysql.escape wraps a string in single quotes; drop those, keep the rest.
  const quoted = mysql.escape(text)
  return quoted.slice(1, -1)
}
// Fetch rows from `table` matching `attrs`, with optional column list,
// ordering and paging taken from `opts`. `db`, `table`, `attrs`, `opts`,
// `next` and `andEscape` belong to the enclosing method, which is outside
// this excerpt.
db.getConnection(function (conErr, connection) {
  if (conErr) {
    return next(conErr);
  }
  var options = opts || {};
  var columns = options.columns ? mysql.escapeId(options.columns) : '*';
  var query;
  try {
    // `??` is bound to `attrs` by andEscape (defined elsewhere).
    // NOTE(review): `table` is concatenated without escapeId while `columns`
    // is escaped — acceptable only while table names are program constants;
    // confirm no caller passes it through from input.
    query = andEscape("SELECT " + columns + " FROM " + table + " WHERE ??", attrs);
  } catch (e) {
    return next(e);
  }
  if (options.order) {
    query += ' ORDER BY ' + mysql.escapeId(options.order);
    if (options.desc) {
      query += ' DESC ';
    }
  }
  if (options.limit) {
    // mysql.escape renders a number bare; a string limit would come out
    // quoted, which MySQL rejects in LIMIT/OFFSET — callers pass numbers.
    query += ' LIMIT ' + mysql.escape(options.limit);
    if (options.offset) {
      query += ' OFFSET ' + mysql.escape(options.offset);
    }
  }
  connection.query(query, function (err, rows) {
    connection.release();
    next(err, rows);
  });
});
},
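// Append the WHERE clause described by `filters` to `query`. Both names belong
// to the enclosing function, which is outside this excerpt.
//
// Each filter names a column (`by`, escaped as an identifier) and a predicate
// fragment: `if` joins with OR, `onlyIf` joins with AND.
// NOTE(review): the predicate text (`filter.if` / `filter.onlyIf`) is spliced
// into the SQL verbatim — only the column name is escaped — so it must be a
// program literal, never request input. A filter carrying both `if` and
// `onlyIf` emits 'OR' and 'AND' back to back; presumably the two are meant to
// be exclusive — confirm with the callers.
//
// Two fixes: forEach replaces map (the return value was discarded), and the
// non-first branch now trims the predicate like the first branch already did.
filters.forEach((filter, index) => {
  if (index === 0) {
    query = [
      query,
      'WHERE',
      mysql.escapeId(filter.by),
      (filter.if || filter.onlyIf).trim(),
    ].join(' ');
  } else {
    // A falsy `if`/`onlyIf` leaves `undefined` in the array, which join()
    // renders as '' (hence the occasional double space in the output).
    query = [
      query,
      filter.if && 'OR',
      filter.onlyIf && 'AND',
      mysql.escapeId(filter.by),
      (filter.if || filter.onlyIf).trim(),
    ].join(' ');
  }
});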
}