How to use the sqlstring.escapeId function in sqlstring

To help you get started, we’ve selected a few sqlstring examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github midas-science / midas / source / Loader / MySQLLoader.js View on Github external
async _create_columns(table_name, columns) {
    	table_name = SqlString.escapeId(table_name);
    	let connection = await this._get_connection();

    	// build statement
    	let statement = `ALTER TABLE ${table_name}`;
    	columns.forEach((column, index) => {
    		column = this._escape_column_name(column);
    		statement += `ADD COLUMN \`${column}\` varchar(255),`;
    	})
    	statement = statement.slice(0, -1);

    	let result = await connection.query(statement);
    	connection.close();
    	return result;
    }
github midas-science / midas / source / Loader / MySQLLoader.js View on Github external
temp_c = temp_c.filter(e => e !== '`_id_midas`');
			no_id = 'SET _id_midas = NULL;'
		}

		//temp_c.splice(1,1);
		let infile_statement = `LOAD DATA LOCAL INFILE '${file_path}' INTO TABLE ${SqlString.escapeId(temporary_table_name)}
									FIELDS TERMINATED BY ','
									OPTIONALLY ENCLOSED BY '"'
									LINES TERMINATED BY '\r\n'
								  IGNORE 1 LINES
								  (${temp_c.join(',')})
								  ${no_id}`;
		await connection.query(infile_statement);

		// Insert data
		let insert_statement = `INSERT INTO ${SqlString.escapeId(table_name)}
								SELECT * FROM ${SqlString.escapeId(temporary_table_name)}
								ON DUPLICATE KEY UPDATE ${temp_c.map(column => `${column} = VALUES(${column})` ).join(',')};`
		await connection.execute(insert_statement);

		// Drop temporary table
		let drop_temp_table_statement = `DROP TEMPORARY TABLE ${SqlString.escapeId(temporary_table_name)}`;
		await connection.execute(drop_temp_table_statement);

		// Remove temporary file
		await fs.remove(file_path);

		// Close connection
		connection.close();
	}
github thiagodp / concordialang / modules / util / ReferenceReplacer.ts View on Github external
private wrapName( content: string ): string {
        return escapeId( content );
    }
github pingcap / tidb-dashboard / ui / lib / utils / xcClient / database.ts View on Github external
function eid(n: string): string {
  return SqlString.escapeId(n, true)
}
github PeterMu / nodebatis / src / lib / sqlBuilder.js View on Github external
exports.getUpdateSql = (tableName, data, idKey = 'id') => {
    let sql = '', params = [], holders = []
    let where = ''
    tableName = escapeId(tableName)
    for (let key in data) {
        if (key !== idKey) {
            holders.push(`${escapeId(key)} = ?`)
            params.push(data[key])
        }
    }
    holders = holders.join(',')
    if (data[idKey]) {
        where = `where ${escapeId(idKey)} = ?`
        params.push(data[idKey])
    }
    sql = `update ${tableName} set ${holders} ${where}`
    return { sql, params }
}
github thiagodp / concordialang / modules / db / ReferenceReplacer.ts View on Github external
private wrapName( content: string ): string {
        if ( this._sentenceMode ) {
            return escapeId( content ).replace( /\`/g, '"' );
        }
        return escapeId( content );
    }
github PeterMu / nodebatis / src / lib / sqlBuilder.js View on Github external
exports.getInsertSql = (tableName, data) => {
    let columns = [], params = [], holders = [], sql = ''
    tableName = escapeId(tableName)
    for (let key in data) {
        columns.push(escapeId(key))
        holders.push('?')
        params.push(data[key])
    }
    columns = columns.join(',')
    holders = holders.join(',')
    sql = `insert into ${tableName} (${columns}) values (${holders})`
    return { sql, params }
}
github sidorares / node-mysql2 / lib / connection.js View on Github external
escapeId(value) {
    return SqlString.escapeId(value, false);
  }
github PeterMu / nodebatis / src / lib / sqlBuilder.js View on Github external
exports.getInsertSql = (tableName, data) => {
    let columns = [], params = [], holders = [], sql = ''
    tableName = escapeId(tableName)
    for (let key in data) {
        columns.push(escapeId(key))
        holders.push('?')
        params.push(data[key])
    }
    columns = columns.join(',')
    holders = holders.join(',')
    sql = `insert into ${tableName} (${columns}) values (${holders})`
    return { sql, params }
}

sqlstring

Simple SQL escape and format for MySQL

MIT
Latest version published 3 years ago

Package Health Score

71 / 100
Full package analysis