MYSQLSafe 0.0.8 → 0.0.9

@@ -3,7 +3,7 @@ require 'mysql'
3
3
  module MYSQLSafe
4
4
  class Base
5
5
  attr_accessor :host, :database, :user, :encoding, :password
6
-
6
+
7
7
  def connect_safe(raw_sql)
8
8
  @mysql_array = []
9
9
  @encoding ||= 'utf-8'
@@ -22,8 +22,9 @@ module MYSQLSafe
22
22
  table_match = match_name(table_names, sql)
23
23
 
24
24
  if table_match
25
- column_names = get_column_names(match)
25
+ column_names = get_column_names(table_match)
26
26
  column_match = match_name(column_names, sql)
27
+ column_match = [] if !(sql.to_s.downcase.include?('where'))
27
28
  else
28
29
  raise 'MYSQLSafe error: no valid table name could be found in your SQL statement'
29
30
  end
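Review bot: The added guard `column_match = [] if !(sql.to_s.downcase.include?('where'))` decides on a bare substring, so a statement that only contains those letters inside an identifier or quoted value (a table called `somewhere`, to take a constructed example) is treated as having a WHERE clause. Statements that name columns in other clauses skip the column check entirely. Because an empty array is truthy in Ruby, the assignment presumably lets the later "no valid column name(s)" check pass with no column matched; that check sits outside this hunk, so confirm it. A word-boundary test is closer to the intent and reads better than the negated `if`: `column_match = [] unless sql.to_s =~ /\bwhere\b/i`. `connect_safe` starts before and ends after this hunk.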
@@ -34,9 +35,8 @@ module MYSQLSafe
34
35
  raise 'MYSQLSafe error: no valid column name(s) could be found in your SQL statement'
35
36
  end
36
37
 
37
- mysql_object = cxtn.query(ticked_sql)
38
+ mysql_object = @cxtn.query(ticked_sql)
38
39
  mysql_object.each { |row| @mysql_array.push(row) }
39
- puts "After push: #{@mysql_array}"
40
40
  rescue Mysql::Error => msqle
41
41
  puts "Error! #{msqle}, #{@mysql_array}"
42
42
  @mysql_array.push(["MYSQL Error: #{msqle}"])
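Review bot: The rescue branch keeps `puts "Error! #{msqle}, #{@mysql_array}"`, which writes the server's error text and any rows already fetched to stdout; the commit drops the two other debug prints but not this one. The failure is then reported as a data row (`@mysql_array.push(["MYSQL Error: #{msqle}"])`), so a caller cannot tell an error from a one-column result. Consider replacing the `puts` with `warn "MYSQLSafe: query failed (#{msqle.class})"` and re-raising, or returning a distinct error value. `connect_safe` starts before and continues after this hunk.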
@@ -46,10 +46,9 @@ module MYSQLSafe
46
46
  else
47
47
  raise "MYSQLSafe error: Host, Database, User and Password must be set to run a query. You included #{options}"
48
48
  end
49
- puts "@mysql_array is #{@mysql_array} a #{@mysql_array.class}"
50
49
  return @mysql_array
51
50
  end
52
-
51
+
53
52
  private
54
53
  def tick_sql(sql, table_array, column_array)
55
54
  ticked_sql = sql.delete("`")
@@ -62,24 +61,26 @@ module MYSQLSafe
62
61
 
63
62
  return ticked_sql
64
63
  end
65
-
66
- def get_column_names(table_name)
67
- column_names_sql = "SELECT `COLUMN_NAME` FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE `TABLE_SCHEMA`='#{@database}' AND `TABLE_NAME`='#{table_name}';"
68
- column_names_results_sql = query_safe(column_names_sql)
69
-
64
+
65
+ def get_column_names(table_names)
70
66
  column_names = []
71
- column_names_results_sql.each do |name|
72
- column_names.push(name)
67
+ table_names.each do |table_name|
68
+ column_names_sql = "SELECT `COLUMN_NAME` FROM `INFORMATION_SCHEMA`.`COLUMNS` WHERE `TABLE_SCHEMA`='#{@database}' AND `TABLE_NAME`='#{table_name}';"
69
+ column_names_results_sql = @cxtn.query(column_names_sql)
70
+
71
+ column_names_results_sql.each do |name|
72
+ column_names.push(name)
73
+ end
73
74
  end
74
75
 
75
76
  return column_names
76
77
  end
77
-
78
+
78
79
  def match_name(name_array, sql)
79
80
  match = []
80
81
 
81
82
  name_array.each do |name|
82
- match.push(name) if sql.to_s.include?("#{name}=") || sql.to_s[/#{name}\s+=/] || sql.to_s[/#{name}`\s+=/]
83
+ match.push(name) if sql.to_s.include?("#{name}")
83
84
  end
84
85
 
85
86
  if match.size > 0
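Review bot: The new `get_column_names` interpolates `@database` and `table_name` into quoted string literals and now sends the statement straight to `@cxtn.query`, so a quote character in either value changes the statement; `@database` is a public `attr_accessor`. Escape the values rather than the statement, using the helper this class already has: `'#{esc_string(@database.to_s)}'` and `'#{esc_string(table_name.to_s)}'`. The inner loop also pushes the whole row (`column_names.push(name)`) where `get_table_names` now pushes `name[0]`, so `match_name` would interpolate an array's inspect string and presumably never match a column. `match_name` itself now accepts any substring hit (`sql.to_s.include?("#{name}")`), which lets a short name match inside another identifier or a string literal; `sql.to_s[/\b#{Regexp.escape(name.to_s)}\b/]` keeps the check meaningful. `match_name` continues past the end of this hunk.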
@@ -88,34 +89,34 @@ module MYSQLSafe
88
89
  return false
89
90
  end
90
91
  end
91
-
92
+
92
93
  def query_safe(dangerous_sql)
93
94
  @cxtn.query(Mysql.escape_string(dangerous_sql))
94
95
  end
95
-
96
+
96
97
  def get_table_names
97
98
  table_names_sql = "SHOW TABLES FROM `#{@database}`;"
98
99
  table_names_results_sql = query_safe(table_names_sql)
99
100
 
100
101
  table_names = []
101
102
  table_names_results_sql.each do |name|
102
- table_names.push(name)
103
+ table_names.push(name[0])
103
104
  end
104
105
 
105
106
  return table_names
106
107
  end
107
-
108
+
108
109
  def esc_enc_string(string)
109
110
  return esc_string(enc_string(string.to_s))
110
111
  end
111
-
112
+
112
113
  def enc_string(string)
113
114
  return string.encode("#{@encoding}", "#{@encoding}", :invalid => :replace)
114
115
  end
115
-
116
+
116
117
  def esc_string(string)
117
118
  return Mysql.escape_string(string)
118
119
  end
119
-
120
+
120
121
  end
121
122
  end
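Review bot: `query_safe` runs `Mysql.escape_string` over the whole statement, which does not protect the identifier in "SHOW TABLES FROM `#{@database}`;" inside `get_table_names`. `escape_string` targets characters that matter inside quoted string literals and leaves backticks alone, so a backtick in `@database` would end the quoted identifier. Quote the identifier itself before interpolating, for example `db = @database.to_s.gsub("`", "``")`, and keep `escape_string` for values placed inside quotes.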
@@ -1,3 +1,3 @@
1
1
  module MYSQLSafe
2
- VERSION = "0.0.8"
2
+ VERSION = "0.0.9"
3
3
  end
@@ -45,7 +45,7 @@ describe MYSQLSafe::Base do
45
45
  password_key = ENV['MYSQLPASSWORD'] || "password"
46
46
  @obj.password = password_key
47
47
 
48
- success = @obj.connect_safe("SELECT * FROM test LIMIT 1")
48
+ success = @obj.connect_safe("SELECT * FROM performance_test LIMIT 1")
49
49
  success.must_be_instance_of Array
50
50
  end
51
51
  end
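Review bot: The only assertion here, `success.must_be_instance_of Array`, also passes when the query fails, because `connect_safe` rescues `Mysql::Error` and pushes `["MYSQL Error: ..."]` into the array it returns. A missing `performance_test` table would therefore go unnoticed. Add an assertion on the content, for example `success.flatten.none? { |v| v.to_s.start_with?('MYSQL Error') }.must_equal true`. The spec also falls back to the literal `"password"` when `MYSQLPASSWORD` is unset, which deserves a comment stating that it is meant for a local test database only.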
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: MYSQLSafe
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors: