@trithanka/sql-builder
A lightweight, function-based, chainable SQL query builder for Node.js using MySQL pool connections.
const { createSelectBuilder } = require('../src');
console.log('=== BUG TESTING ===\n');

// Bug 1: the base query ends in a `--` line comment that contains the word
// WHERE. The builder must not mistake that text for an existing WHERE clause.
// NOTE(review): the "Expected" string below places the new clause on the same
// line as the comment. MySQL treats everything after `-- ` up to the newline as
// comment text, so a clause appended there would not filter anything. Confirm
// the builder is meant to start the clause on a new line.
console.log('Bug 1: WHERE detection in comments/strings');
const commentCase = createSelectBuilder('SELECT * FROM users -- WHERE clause here')
  .where('status = ?', 'active')
  .build();
console.log('SQL:', commentCase.sql);
console.log('Expected: SELECT * FROM users -- WHERE clause here WHERE status = ?');
console.log('Got:', commentCase.sql);
console.log('');
// Bug 2: where() and having() are both given an empty-string value; the script
// expects neither value to appear in the bound-values array.
// NOTE(review): if the builder drops the whole condition along with the value,
// the query silently runs unfiltered. Confirm that is acceptable for callers
// that rely on the condition to restrict rows.
console.log('Bug 2: Value validation inconsistency');
const emptyValueBuilder = createSelectBuilder('SELECT * FROM users');
emptyValueBuilder.where('status = ?', ''); // empty string: expected to be ignored
emptyValueBuilder.having('COUNT(*) > ?', ''); // empty string: expected to be ignored
const emptyValueQuery = emptyValueBuilder.build();
console.log('Values array:', emptyValueQuery.values);
console.log('Expected: [] (empty array)');
console.log('Got:', emptyValueQuery.values);
console.log('');
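// Bug 3: SQL injection through orderBy()
// A column name cannot be sent as a `?` bound value, so whatever orderBy()
// accepts becomes SQL text. The builder therefore has to validate the column
// (identifier allow-list or strict pattern) and the sort direction itself.
// The mysql/mysql2 drivers reject stacked statements unless
// `multipleStatements` is enabled, but that does not make unvalidated
// ORDER BY text safe.
console.log('Bug 3: SQL injection vulnerability');
const hostileColumn = 'id; DROP TABLE users; --';
const builder3 = createSelectBuilder('SELECT * FROM users');
try {
  builder3.orderBy(hostileColumn, 'ASC');
  const result3 = builder3.build();
  console.log('SQL:', result3.sql);
  // Report the finding only when the input really reached the SQL text, so the
  // verdict stays truthful once the builder validates identifiers.
  // Heuristic: a builder that quotes and escapes the identifier would still
  // match here, so inspect the printed SQL in that case.
  if (result3.sql.includes(hostileColumn)) {
    console.log('Vulnerable to SQL injection!');
  } else {
    console.log('orderBy input was not copied verbatim into the SQL');
  }
} catch (error) {
  // A fixed builder may reject the column outright; report it and let the
  // remaining checks run, as the empty-SQL check (Bug 7) already does.
  console.log('orderBy rejected the input:', error.message);
}
console.log('');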
// Bug 4: paginate() is called with two negative numbers.
// MySQL only accepts non-negative integers for LIMIT/OFFSET, so the builder
// should reject or clamp such input before it reaches the query.
// NOTE(review): which argument is the page/offset and which is the size is not
// visible from this script; verify against paginate()'s signature.
console.log('Bug 4: Pagination with negative values');
const negativePageBuilder = createSelectBuilder('SELECT * FROM users');
negativePageBuilder.paginate(-5, -10);
const negativePageQuery = negativePageBuilder.build();
console.log('Values:', negativePageQuery.values);
console.log('SQL:', negativePageQuery.sql);
console.log('Negative values should be handled!');
console.log('');
// Bug 5: build('count') on a query that has both a WHERE value and pagination.
// Prints the main bound values next to the count query and its values.
// NOTE(review): the script states no expected output. Presumably the count
// values should hold only the WHERE value and no pagination values; confirm.
console.log('Bug 5: Count mode pagination bug');
const countBuilder = createSelectBuilder('SELECT * FROM users');
countBuilder.where('status = ?', 'active');
countBuilder.paginate(10, 20);
const countQuery = countBuilder.build('count');
console.log('Main values:', countQuery.values);
console.log('Count values:', countQuery.countValues);
console.log('Count SQL:', countQuery.countSql);
console.log('');
// Bug 6: orderBy() is called twice on the same builder; the script expects the
// second call to replace the first rather than produce two ORDER BY clauses.
console.log('Bug 6: Multiple ORDER BY calls');
const reorderBuilder = createSelectBuilder('SELECT * FROM users');
reorderBuilder.orderBy('name', 'ASC');
reorderBuilder.orderBy('age', 'DESC'); // expected to override the previous call
const reorderQuery = reorderBuilder.build();
console.log('SQL:', reorderQuery.sql);
console.log('Expected: ORDER BY age DESC');
console.log('Got:', reorderQuery.sql);
console.log('');
// Bug 7: an empty string is passed as the base SQL. Either outcome is printed:
// the SQL that build() returns, or the message of the error that was thrown.
console.log('Bug 7: Empty base SQL');
try {
  const emptyBaseBuilder = createSelectBuilder('');
  const emptyBaseQuery = emptyBaseBuilder.build();
  console.log('Empty SQL result:', emptyBaseQuery.sql);
} catch (err) {
  console.log('Error with empty SQL:', err.message);
}
console.log('');
// Bug 8: the base query already has a real WHERE clause, and the word WHERE
// also appears inside its string literal ("%WHERE%"). The added condition must
// be attached to the real clause, and keyword detection must not be confused
// by text inside the literal.
console.log('Bug 8: WHERE clause with special characters');
const literalBuilder = createSelectBuilder('SELECT * FROM users WHERE name LIKE "%WHERE%"');
literalBuilder.where('status = ?', 'active');
const literalQuery = literalBuilder.build();
console.log('SQL:', literalQuery.sql);
console.log('Should handle WHERE in string literals correctly');
console.log('');

console.log('=== END BUG TESTING ===');