sql-escape-string

Package Overview: Dependencies 0, Maintainers 1, Versions 3
Comparing version 1.0.0 to 1.1.0

2

package.json
{
"name": "sql-escape-string",
"version": "1.0.0",
"version": "1.1.0",
"description": "Simple SQL string escape.",
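
Review bot: A minor bump from 1.0.0 to 1.1.0 understates the change for callers, because the default-mode output is different for any input containing `"`: the removed `CHARS_ESCAPE_MAP` doubled it to `""`, while the new default path only rewrites `'`. Consider a major version, or at least a changelog entry that states the new output for `"` so consumers pinned with a caret range are not surprised on install.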

@@ -5,0 +5,0 @@ "main": "sql-escape-string.js",

@@ -35,4 +35,4 @@ # sql-escape-string [![build status](https://secure.travis-ci.org/thlorenz/sql-escape-string.svg?branch=master)](http://travis-ci.org/thlorenz/sql-escape-string)

- backslashes are not escaped by default
- single quotes are escaped via `''` instead of `\'` and double quotes via `""` instead of `\"`
- backslashes and double quotes `"` are not escaped by default
- single quotes are escaped via `''` instead of `\'`
- your sql engine should throw an error when encountering a backslash escape
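
Review bot: The new bullet "backslashes and double quotes `"` are not escaped by default" states the behaviour but not the condition that makes it safe. Leaving `"` untouched is only correct because the value ends up inside a single-quoted literal, so the README should say that the result must be inserted as returned and never placed inside a double-quoted literal.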

@@ -52,3 +52,3 @@ as part of a string, unless it is a literal backslash, i.e. `'backslash: \\'`.

Returns **[String](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String)** the original string escaped and safe to use
Returns **[String](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String)** the original string escaped wrapped in single quotes, i.e. `'mystring'`
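
Review bot: The Returns line now says the value comes back wrapped in single quotes, but nothing in this hunk tells callers to leave the quotes out of their own query text. Add a short usage line next to it, for example `'... WHERE name = ' + escapeString(name)`, so a caller who already writes quotes around the placeholder does not end up with `''mystring''`.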

@@ -55,0 +55,0 @@ ## License

'use strict'
const CHARS_GLOBAL_RX = /["']/g
const CHARS_ESCAPE_MAP = {
'"' : '""'
, '\'' : '\'\''
}
// eslint-disable-next-line no-control-regex

@@ -33,4 +27,4 @@ const CHARS_GLOBAL_BACKSLASH_SUPPORTED_RX = /[\0\b\t\n\r\x1a"'\\]/g

*
* - backslashes are not escaped by default
* - single quotes are escaped via `''` instead of `\'` and double quotes via `""` instead of `\"`
* - backslashes and double quotes `"` are not escaped by default
* - single quotes are escaped via `''` instead of `\'`
* - your sql engine should throw an error when encountering a backslash escape

@@ -46,3 +40,3 @@ * as part of a string, unless it is a literal backslash, i.e. `'backslash: \\'`.

* @param {Boolean} [$0.backslashSupported = false] if `true` backslashes are supported
* @returns {String} the original string escaped and safe to use
* @returns {String} the original string escaped wrapped in single quotes, i.e. `'mystring'`
*/

@@ -55,4 +49,7 @@ function escapeString(val, opts) {

const backslashSupported = !!opts.backslashSupported
const charsRx = backslashSupported ? CHARS_GLOBAL_BACKSLASH_SUPPORTED_RX : CHARS_GLOBAL_RX
const charsEscapeMap = backslashSupported ? CHARS_ESCAPE_BACKSLASH_SUPPORTED_MAP : CHARS_ESCAPE_MAP
if (!backslashSupported) return "'" + val.replace(/'/g, "''") + "'"
const charsRx = CHARS_GLOBAL_BACKSLASH_SUPPORTED_RX
const charsEscapeMap = CHARS_ESCAPE_BACKSLASH_SUPPORTED_MAP
var chunkIndex = charsRx.lastIndex = 0
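
Review bot: The early return `if (!backslashSupported) return "'" + val.replace(/'/g, "''") + "'"` leaves backslashes untouched, which is only correct on an engine that does not interpret backslash escapes, as the doc comment's "your sql engine should throw an error when encountering a backslash escape" implies. Because `false` is the default, a caller on an engine with backslash escapes enabled who omits the option gets a literal that a backslash in the input is not confined to. Suggest stating that prerequisite next to the option in the `@param` text, and adding tests for the default path with inputs containing `'`, `"` and `\` to pin the new output, since no test change is visible in this diff.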

@@ -59,0 +56,0 @@ var escapedVal = ''
