How to use sqlstring - 10 common examples

To help you get started, we’ve selected a few sqlstring examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github LinkedIMDb / LinkedIMDb / Application / server / controllers / authController.js View on Github external
authController.createUser = (req, res, next) => {
  // Hash password using the salt;
  const hashedPassword = bcrypt.hashSync(req.body.password, SALT_WORK_FACTOR);
  db.query(
    sqlstring.format(
      'INSERT INTO user (username, email, password, firstname, lastname) VALUES (?,?,?,?,?)', [req.body.username, req.body.email, hashedPassword, req.body.firstname, req.body.lastname]), 
    (err, results, fields) => {
      if (err) return res.status(400).send(err);
      else {
        const user_id = results.insertId;
        console.log(user_id);
        const token = jwt.sign(user_id, jwtSecret);
        res.locals.jwt = token;
        return next();
      }
    }
  );
}
github cognitom / momy / lib / types.js View on Github external
convert: val => {
      val = (val || '').toString()
      val = val.substring(0, 255)
      val = sqlstring.escape(val) // escape \0 \b \t \n \r \x1a
      val = val.replace(controlRegex, '')
      return val
    }
  },
github thiagodp / concordialang / dist / modules / util / QueryReferenceReplacer.js View on Github external
wrapValue(content) {
        return sqlstring_1.escape(content);
    }
    // private wrapName( content: string ): string {
github midas-science / midas / source / Loader / MySQLLoader.js View on Github external
async _create_columns(table_name, columns) {
    	table_name = SqlString.escapeId(table_name);
    	let connection = await this._get_connection();

    	// build statement
    	let statement = `ALTER TABLE ${table_name}`;
    	columns.forEach((column, index) => {
    		column = this._escape_column_name(column);
    		statement += `ADD COLUMN \`${column}\` varchar(255),`;
    	})
    	statement = statement.slice(0, -1);

    	let result = await connection.query(statement);
    	connection.close();
    	return result;
    }
github midas-science / midas / source / Loader / MySQLLoader.js View on Github external
temp_c = temp_c.filter(e => e !== '`_id_midas`');
			no_id = 'SET _id_midas = NULL;'
		}

		//temp_c.splice(1,1);
		let infile_statement = `LOAD DATA LOCAL INFILE '${file_path}' INTO TABLE ${SqlString.escapeId(temporary_table_name)}
									FIELDS TERMINATED BY ','
									OPTIONALLY ENCLOSED BY '"'
									LINES TERMINATED BY '\r\n'
								  IGNORE 1 LINES
								  (${temp_c.join(',')})
								  ${no_id}`;
		await connection.query(infile_statement);

		// Insert data
		let insert_statement = `INSERT INTO ${SqlString.escapeId(table_name)}
								SELECT * FROM ${SqlString.escapeId(temporary_table_name)}
								ON DUPLICATE KEY UPDATE ${temp_c.map(column => `${column} = VALUES(${column})` ).join(',')};`
		await connection.execute(insert_statement);

		// Drop temporary table
		let drop_temp_table_statement = `DROP TEMPORARY TABLE ${SqlString.escapeId(temporary_table_name)}`;
		await connection.execute(drop_temp_table_statement);

		// Remove temporary file
		await fs.remove(file_path);

		// Close connection
		connection.close();
	}
github midas-science / midas / source / Loader / MySQLLoader.js View on Github external
_escape_column_name(name) {
    	return SqlString.escape(name.trim().toLowerCase().replace(/ /g, '_').replace(/'/g, '')).replace(/'/g, '');
    }

sqlstring

Simple SQL escape and format for MySQL

MIT
Latest version published 3 years ago

Package Health Score

71 / 100
Full package analysis