mirror of https://github.com/Fabio286/antares.git synced 2025-02-17 12:10:39 +01:00

fix(PostgreSQL): single quote escape

Fabio Di Stasio 2021-03-18 12:30:06 +01:00
parent 1f80a64fe1
commit 9f6a183d9b


@ -66,8 +66,17 @@ export default (connections) => {
if ([...NUMBER, ...FLOAT].includes(params.type)) if ([...NUMBER, ...FLOAT].includes(params.type))
escapedParam = params.content; escapedParam = params.content;
else if ([...TEXT, ...LONG_TEXT].includes(params.type)) else if ([...TEXT, ...LONG_TEXT].includes(params.type)) {
switch (connections[params.uid]._client) {
case 'mysql':
case 'maria':
escapedParam = `"${sqlEscaper(params.content)}"`; escapedParam = `"${sqlEscaper(params.content)}"`;
break;
case 'pg':
escapedParam = `'${params.content.replaceAll('\'', '\'\'')}'`;
break;
}
}
else if (ARRAY.includes(params.type)) else if (ARRAY.includes(params.type))
escapedParam = `'${params.content}'`; escapedParam = `'${params.content}'`;
else if (TEXT_SEARCH.includes(params.type)) else if (TEXT_SEARCH.includes(params.type))
@ -93,7 +102,7 @@ export default (connections) => {
switch (connections[params.uid]._client) { switch (connections[params.uid]._client) {
case 'mysql': case 'mysql':
case 'maria': case 'maria':
escapedParam = '""'; escapedParam = '\'\'';
break; break;
case 'pg': case 'pg':
escapedParam = 'decode(\'\', \'hex\')'; escapedParam = 'decode(\'\', \'hex\')';
@ -108,7 +117,7 @@ export default (connections) => {
else if (params.content === null) else if (params.content === null)
escapedParam = 'NULL'; escapedParam = 'NULL';
else else
escapedParam = `"${sqlEscaper(params.content)}"`; escapedParam = `'${sqlEscaper(params.content)}'`;
if (params.primary) { if (params.primary) {
await connections[params.uid] await connections[params.uid]
@ -201,8 +210,17 @@ export default (connections) => {
escapedParam = 'NULL'; escapedParam = 'NULL';
else if ([...NUMBER, ...FLOAT].includes(type)) else if ([...NUMBER, ...FLOAT].includes(type))
escapedParam = +params.row[key]; escapedParam = +params.row[key];
else if ([...TEXT, ...LONG_TEXT].includes(type)) else if ([...TEXT, ...LONG_TEXT].includes(type)) {
escapedParam = `'${sqlEscaper(params.row[key])}'`; switch (connections[params.uid]._client) {
case 'mysql':
case 'maria':
escapedParam = `"${sqlEscaper(params.row[key].value)}"`;
break;
case 'pg':
escapedParam = `'${params.row[key].value.replaceAll('\'', '\'\'')}'`;
break;
}
}
else if (BLOB.includes(type)) { else if (BLOB.includes(type)) {
if (params.row[key].value) { if (params.row[key].value) {
let fileBlob; let fileBlob;
@ -266,8 +284,17 @@ export default (connections) => {
escapedParam = 'NULL'; escapedParam = 'NULL';
else if ([...NUMBER, ...FLOAT].includes(type)) else if ([...NUMBER, ...FLOAT].includes(type))
escapedParam = params.row[key].value; escapedParam = params.row[key].value;
else if ([...TEXT, ...LONG_TEXT].includes(type)) else if ([...TEXT, ...LONG_TEXT].includes(type)) {
escapedParam = `'${sqlEscaper(params.row[key].value)}'`; switch (connections[params.uid]._client) {
case 'mysql':
case 'maria':
escapedParam = `"${sqlEscaper(params.row[key].value)}"`;
break;
case 'pg':
escapedParam = `'${params.row[key].value.replaceAll('\'', '\'\'')}'`;
break;
}
}
else if (BLOB.includes(type)) { else if (BLOB.includes(type)) {
if (params.row[key].value) { if (params.row[key].value) {
let fileBlob; let fileBlob;
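Review bot: The three new `switch` blocks on `connections[params.uid]._client` (the TEXT/LONG_TEXT branches in the hunks at -66, -201 and -266) have no `default`, so for any client other than `mysql`, `maria` or `pg` `escapedParam` keeps whatever it held before and that value is interpolated into the statement; add something like `default: throw new Error('unsupported client');`. In the -201 hunk the new lines read `params.row[key].value`, while the line they replace and the NUMBER branch just above use `params.row[key]` directly, so this looks like a paste from the -266 hunk and would likely throw or escape `undefined`; please confirm the row shape there. The `pg` case doubles `'` only, which is a complete escape only while `standard_conforming_strings` is on and the content is a string (`replaceAll` throws on anything else), and the final `else` in the -108 hunk still wraps `sqlEscaper` output in single quotes for PostgreSQL too, which is unsafe if that helper escapes with backslashes. Since the same quoting is now hand-written in three places, I would move it into one per-client helper, or better, bind the value as a query parameter instead of building the literal. The enclosing functions start and end outside these hunks.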