sql-escape-string
Comparing version 1.0.0 to 1.1.0
{ | ||
"name": "sql-escape-string", | ||
"version": "1.0.0", | ||
"version": "1.1.0", | ||
"description": "Simple SQL string escape.", | ||
@@ -5,0 +5,0 @@ "main": "sql-escape-string.js", |
@@ -35,4 +35,4 @@ # sql-escape-string [![build status](https://secure.travis-ci.org/thlorenz/sql-escape-string.svg?branch=master)](http://travis-ci.org/thlorenz/sql-escape-string) | ||
- backslashes are not escaped by default | ||
- single quotes are escaped via `''` instead of `\'` and double quotes via `""` instead of `\"` | ||
- backslashes and double quotes `"` are not escaped by default | ||
- single quotes are escaped via `''` instead of `\'` | ||
- your sql engine should throw an error when encountering a backslash escape | ||
@@ -52,3 +52,3 @@ as part of a string, unless it is a literal backslash, i.e. `'backslash: \\'`. | ||
Returns **[String](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String)** the original string escaped and safe to use | ||
Returns **[String](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String)** the original string escaped wrapped in single quotes, i.e. `'mystring'` | ||
@@ -55,0 +55,0 @@ ## License |
'use strict' | ||
const CHARS_GLOBAL_RX = /["']/g | ||
const CHARS_ESCAPE_MAP = { | ||
'"' : '""' | ||
, '\'' : '\'\'' | ||
} | ||
// eslint-disable-next-line no-control-regex | ||
@@ -33,4 +27,4 @@ const CHARS_GLOBAL_BACKSLASH_SUPPORTED_RX = /[\0\b\t\n\r\x1a"'\\]/g | ||
* | ||
* - backslashes are not escaped by default | ||
* - single quotes are escaped via `''` instead of `\'` and double quotes via `""` instead of `\"` | ||
* - backslashes and double quotes `"` are not escaped by default | ||
* - single quotes are escaped via `''` instead of `\'` | ||
* - your sql engine should throw an error when encountering a backslash escape | ||
@@ -46,3 +40,3 @@ * as part of a string, unless it is a literal backslash, i.e. `'backslash: \\'`. | ||
* @param {Boolean} [$0.backslashSupported = false] if `true` backslashes are supported | ||
* @returns {String} the original string escaped and safe to use | ||
* @returns {String} the original string escaped wrapped in single quotes, i.e. `'mystring'` | ||
*/ | ||
@@ -55,4 +49,7 @@ function escapeString(val, opts) { | ||
const backslashSupported = !!opts.backslashSupported | ||
const charsRx = backslashSupported ? CHARS_GLOBAL_BACKSLASH_SUPPORTED_RX : CHARS_GLOBAL_RX | ||
const charsEscapeMap = backslashSupported ? CHARS_ESCAPE_BACKSLASH_SUPPORTED_MAP : CHARS_ESCAPE_MAP | ||
if (!backslashSupported) return "'" + val.replace(/'/g, "''") + "'" | ||
const charsRx = CHARS_GLOBAL_BACKSLASH_SUPPORTED_RX | ||
const charsEscapeMap = CHARS_ESCAPE_BACKSLASH_SUPPORTED_MAP | ||
var chunkIndex = charsRx.lastIndex = 0 | ||
@@ -59,0 +56,0 @@ var escapedVal = '' |
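Review bot: The new early return for `!backslashSupported` doubles only single quotes, so its result is safe only on an engine that treats a backslash inside a string literal as a plain character; on an engine that honors backslash escapes the caller has to pass `backslashSupported: true`, and nothing on this line enforces or records that. I would state the requirement next to the code, e.g. `// safe only when the engine does not interpret backslash escapes (MySQL: NO_BACKSLASH_ESCAPES); otherwise pass { backslashSupported: true }`. The fast path also calls `val.replace` directly, so a non-string `val` throws a TypeError unless it is validated in the part of `escapeString` that lies outside this hunk. Where the driver supports bound parameters they remain preferable to building the literal by hand.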
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package