@clickup/ent-framework
A PostgreSQL graph-database-alike library with microsharding and row-level security
// Set the `__esModule` flag on the CommonJS exports object (the usual marker
// emitted for modules compiled from ES-module syntax).
Object.defineProperty(exports, "__esModule", { value: true });
// Public API of this module: the escapeLiteral() function declared below
// (function declarations are hoisted, so the reference is valid here).
exports.escapeLiteral = escapeLiteral;
const misc_1 = require("../../internal/misc");
const escapeAny_1 = require("../internal/escapeAny");
const escapeID_1 = require("../internal/escapeID");
/**
 * Renders a Literal tuple `[fmt, ...args]` into a single SQL string.
 *
 * Any API that wants to accept a fragment of SQL should accept a Literal tuple
 * instead of a raw string and pass it through this function, so that values
 * are escaped rather than concatenated into the query (SQL injection
 * prevention).
 *
 * Placeholders recognized in `fmt`:
 * - `?`  is replaced with `escapeAny(arg)`;
 * - `?i` is replaced with `escapeID("" + arg)` (the argument is coerced to a
 *   string first; presumably this is the identifier form, confirm against
 *   escapeID).
 * Arguments are consumed left to right, one per placeholder.
 *
 * Behaviors a reviewer should keep in mind:
 * - `fmt` itself is never escaped. It is trusted SQL text, so only the args
 *   may carry externally supplied data.
 * - A one-element tuple `[fmt]` is returned verbatim; no placeholder
 *   processing happens, so a "?" in it stays a literal "?".
 * - When args are present, EVERY "?" in `fmt` is treated as a placeholder.
 *   The regex does not skip "?" inside quoted SQL strings, comments, or
 *   operators spelled with "?".
 * - The number of placeholders is not checked against the number of args:
 *   a placeholder without a matching arg receives `undefined` (and `?i`
 *   receives the string "undefined"), while surplus args are silently
 *   ignored.
 *
 * @param {Array} literal Tuple whose first element is the format string and
 *   whose remaining elements are the values to interpolate.
 * @returns {string} The SQL text with all placeholders substituted.
 * @throws {Error} If `literal` is not a non-empty array starting with a
 *   string.
 */
function escapeLiteral(literal) {
    const isWellFormed = literal instanceof Array &&
        literal.length !== 0 &&
        typeof literal[0] === "string";
    if (!isWellFormed) {
        const { inspectCompact } = misc_1;
        throw new Error("Invalid literal value (must be an array with 1st element as a format): " +
            inspectCompact(literal));
    }
    // Format-only tuple: nothing to interpolate, hand the SQL back untouched.
    if (literal.length === 1) {
        return literal[0];
    }
    const [fmt, ...args] = literal;
    // Cursor into args; each placeholder takes the next value, and reading
    // past the end yields undefined.
    let cursor = 0;
    return fmt.replace(/\?([i]?)/g, (_match, flag) => {
        const value = args[cursor];
        cursor += 1;
        if (flag === "i") {
            return (0, escapeID_1.escapeID)("" + value);
        }
        return (0, escapeAny_1.escapeAny)(value);
    });
}
//# sourceMappingURL=escapeLiteral.js.map
;