sqb 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/sqb.rb +7 -0
- data/lib/sqb/query.rb +32 -14
- data/lib/sqb/safe_string.rb +5 -0
- data/lib/sqb/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 36cfacce28d143bb31c2b714cc2b4a99744a7dfd117832e0952979767bfcd7af
|
|
4
|
+
data.tar.gz: 72efb2953532af5f444b55833e3342138bfe68a94560567658e81981d38db043
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9bad00a3fad97d424d51d7a150ca64055885fdd730d8c925712895176ac6fa61e575433f3bc18b90f165d5a2fa2bda5b32c5e07ba463d0460d39578c9cdcaa76
|
|
7
|
+
data.tar.gz: 0b927ede58eaa630e8a665a1d5ee9e564eaaebfd96d8ed29a66a0b0606aab22fe000f75142428386084d512d6238f3450a1642ebf13bdce57bade20a449023a6
|
data/lib/sqb.rb
CHANGED
data/lib/sqb/query.rb
CHANGED
|
@@ -37,12 +37,12 @@ module SQB
|
|
|
37
37
|
query << "SELECT"
|
|
38
38
|
query << "DISTINCT" if @distinct
|
|
39
39
|
if @columns.empty?
|
|
40
|
-
query <<
|
|
40
|
+
query << escape_and_join(@table_name, '*')
|
|
41
41
|
else
|
|
42
42
|
query << @columns.join(', ')
|
|
43
43
|
end
|
|
44
44
|
query << "FROM"
|
|
45
|
-
query <<
|
|
45
|
+
query << escape_and_join(@options[:database_name], @table_name)
|
|
46
46
|
|
|
47
47
|
unless @joins.empty?
|
|
48
48
|
query << @joins.join(' ')
|
|
@@ -85,7 +85,7 @@ module SQB
|
|
|
85
85
|
if options[:function]
|
|
86
86
|
query << "#{escape_function(options[:function])}("
|
|
87
87
|
end
|
|
88
|
-
query <<
|
|
88
|
+
query << escape_and_join(table, column)
|
|
89
89
|
if options[:function]
|
|
90
90
|
query << ")"
|
|
91
91
|
end
|
|
@@ -176,7 +176,7 @@ module SQB
|
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
with_table_and_column(column) do |table, column|
|
|
179
|
-
@orders << [
|
|
179
|
+
@orders << [escape_and_join(table, column), direction].join(' ')
|
|
180
180
|
end
|
|
181
181
|
|
|
182
182
|
self
|
|
@@ -199,7 +199,7 @@ module SQB
|
|
|
199
199
|
# @return [Query]
|
|
200
200
|
def group_by(column)
|
|
201
201
|
with_table_and_column(column) do |table, column|
|
|
202
|
-
@groups <<
|
|
202
|
+
@groups << escape_and_join(table, column)
|
|
203
203
|
end
|
|
204
204
|
self
|
|
205
205
|
end
|
|
@@ -223,13 +223,13 @@ module SQB
|
|
|
223
223
|
|
|
224
224
|
@joins << [].tap do |query|
|
|
225
225
|
query << "INNER JOIN"
|
|
226
|
-
query <<
|
|
226
|
+
query << escape_and_join(@options[:database_name], table_name)
|
|
227
227
|
query << "AS"
|
|
228
228
|
query << escape(join_name)
|
|
229
229
|
query << "ON"
|
|
230
|
-
query <<
|
|
230
|
+
query << escape_and_join(@table_name, 'id')
|
|
231
231
|
query << "="
|
|
232
|
-
query <<
|
|
232
|
+
query << escape_and_join(join_name, foreign_key)
|
|
233
233
|
end.join(' ')
|
|
234
234
|
|
|
235
235
|
if options[:where]
|
|
@@ -266,7 +266,7 @@ module SQB
|
|
|
266
266
|
key = key.first[1]
|
|
267
267
|
end
|
|
268
268
|
|
|
269
|
-
key =
|
|
269
|
+
key = escape_and_join(table, key)
|
|
270
270
|
|
|
271
271
|
if value.is_a?(Array)
|
|
272
272
|
escaped_values = value.map { |v| value_escape(v) }.join(', ')
|
|
@@ -299,6 +299,10 @@ module SQB
|
|
|
299
299
|
escaped_values = value.map { |v| value_escape(v) }.join(', ')
|
|
300
300
|
op = operator == :in ? "IN" : "NOT IN"
|
|
301
301
|
sql << "#{key} #{op} (#{escaped_values})"
|
|
302
|
+
when :like
|
|
303
|
+
sql << "#{key} LIKE #{value_escape(value)}"
|
|
304
|
+
when :not_like
|
|
305
|
+
sql << "#{key} NOT LIKE #{value_escape(value)}"
|
|
302
306
|
else
|
|
303
307
|
raise InvalidOperatorError, "Invalid operator '#{operator}'"
|
|
304
308
|
end
|
|
@@ -314,11 +318,19 @@ module SQB
|
|
|
314
318
|
end
|
|
315
319
|
|
|
316
320
|
def escape(name)
|
|
317
|
-
|
|
321
|
+
if name.is_a?(SafeString)
|
|
322
|
+
name
|
|
323
|
+
else
|
|
324
|
+
"`#{name.to_s.gsub('`', '``')}`"
|
|
325
|
+
end
|
|
318
326
|
end
|
|
319
327
|
|
|
320
328
|
def escape_function(name)
|
|
321
|
-
name.
|
|
329
|
+
if name.is_a?(SafeString)
|
|
330
|
+
name
|
|
331
|
+
else
|
|
332
|
+
name.to_s.gsub(/[^a-z0-9\_]/i, '').upcase
|
|
333
|
+
end
|
|
322
334
|
end
|
|
323
335
|
|
|
324
336
|
def value_escape(value)
|
|
@@ -345,12 +357,18 @@ module SQB
|
|
|
345
357
|
if input.is_a?(Hash)
|
|
346
358
|
input.each { |table, column| block.call(table, column) }
|
|
347
359
|
else
|
|
348
|
-
block.call(@table_name, input
|
|
360
|
+
block.call(@table_name, input)
|
|
349
361
|
end
|
|
350
362
|
end
|
|
351
363
|
|
|
352
|
-
def
|
|
353
|
-
|
|
364
|
+
def escape_and_join(*parts)
|
|
365
|
+
if parts.last.is_a?(SafeString)
|
|
366
|
+
# If a safe string is provided as a column name, we'll
|
|
367
|
+
# always use this even if a table name is provided too.
|
|
368
|
+
parts.last
|
|
369
|
+
else
|
|
370
|
+
parts.compact.map { |part| escape(part) }.join('.')
|
|
371
|
+
end
|
|
354
372
|
end
|
|
355
373
|
|
|
356
374
|
end
|
data/lib/sqb/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sqb
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Cooke
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-02-
|
|
11
|
+
date: 2018-02-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: A friendly SQL builder for MySQL.
|
|
14
14
|
email:
|
|
@@ -20,6 +20,7 @@ files:
|
|
|
20
20
|
- lib/sqb.rb
|
|
21
21
|
- lib/sqb/error.rb
|
|
22
22
|
- lib/sqb/query.rb
|
|
23
|
+
- lib/sqb/safe_string.rb
|
|
23
24
|
- lib/sqb/version.rb
|
|
24
25
|
homepage: https://github.com/adamcooke/sqb
|
|
25
26
|
licenses:
|