sqb 1.0.1 → 1.0.2
- checksums.yaml +4 -4
- data/lib/sqb.rb +7 -0
- data/lib/sqb/query.rb +32 -14
- data/lib/sqb/safe_string.rb +5 -0
- data/lib/sqb/version.rb +1 -1
- metadata +3 -2
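--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 36cfacce28d143bb31c2b714cc2b4a99744a7dfd117832e0952979767bfcd7af
+data.tar.gz: 72efb2953532af5f444b55833e3342138bfe68a94560567658e81981d38db043
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9bad00a3fad97d424d51d7a150ca64055885fdd730d8c925712895176ac6fa61e575433f3bc18b90f165d5a2fa2bda5b32c5e07ba463d0460d39578c9cdcaa76
+data.tar.gz: 0b927ede58eaa630e8a665a1d5ee9e564eaaebfd96d8ed29a66a0b0606aab22fe000f75142428386084d512d6238f3450a1642ebf13bdce57bade20a449023a6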
data/lib/sqb.rb
CHANGED
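--- a/data/lib/sqb/query.rb
+++ b/data/lib/sqb/query.rb
@@ -37,12 +37,12 @@ module SQB
 query << "SELECT"
 query << "DISTINCT" if @distinct
 if @columns.empty?
-query <<
+query << escape_and_join(@table_name, '*')
 else
 query << @columns.join(', ')
 end
 query << "FROM"
-query <<
+query << escape_and_join(@options[:database_name], @table_name)
 
 unless @joins.empty?
 query << @joins.join(' ')
@@ -85,7 +85,7 @@ module SQB
 if options[:function]
 query << "#{escape_function(options[:function])}("
 end
-query <<
+query << escape_and_join(table, column)
 if options[:function]
 query << ")"
 end
@@ -176,7 +176,7 @@ module SQB
 end
 
 with_table_and_column(column) do |table, column|
-@orders << [
+@orders << [escape_and_join(table, column), direction].join(' ')
 end
 
 self
@@ -199,7 +199,7 @@ module SQB
 # @return [Query]
 def group_by(column)
 with_table_and_column(column) do |table, column|
-@groups <<
+@groups << escape_and_join(table, column)
 end
 self
 end
@@ -223,13 +223,13 @@ module SQB
 
 @joins << [].tap do |query|
 query << "INNER JOIN"
-query <<
+query << escape_and_join(@options[:database_name], table_name)
 query << "AS"
 query << escape(join_name)
 query << "ON"
-query <<
+query << escape_and_join(@table_name, 'id')
 query << "="
-query <<
+query << escape_and_join(join_name, foreign_key)
 end.join(' ')
 
 if options[:where]
@@ -266,7 +266,7 @@ module SQB
 key = key.first[1]
 end
 
-key =
+key = escape_and_join(table, key)
 
 if value.is_a?(Array)
 escaped_values = value.map { |v| value_escape(v) }.join(', ')
@@ -299,6 +299,10 @@ module SQB
 escaped_values = value.map { |v| value_escape(v) }.join(', ')
 op = operator == :in ? "IN" : "NOT IN"
 sql << "#{key} #{op} (#{escaped_values})"
+when :like
+sql << "#{key} LIKE #{value_escape(value)}"
+when :not_like
+sql << "#{key} NOT LIKE #{value_escape(value)}"
 else
 raise InvalidOperatorError, "Invalid operator '#{operator}'"
 end
@@ -314,11 +318,19 @@ module SQB
 end
 
 def escape(name)
-
+if name.is_a?(SafeString)
+name
+else
+"`#{name.to_s.gsub('`', '``')}`"
+end
 end
 
 def escape_function(name)
-name.
+if name.is_a?(SafeString)
+name
+else
+name.to_s.gsub(/[^a-z0-9\_]/i, '').upcase
+end
 end
 
 def value_escape(value)
@@ -345,12 +357,18 @@ module SQB
 if input.is_a?(Hash)
 input.each { |table, column| block.call(table, column) }
 else
-block.call(@table_name, input
+block.call(@table_name, input)
 end
 end
 
-def
-
+def escape_and_join(*parts)
+if parts.last.is_a?(SafeString)
+# If a safe string is provided as a column name, we'll
+# always use this even if a table name is provided too.
+parts.last
+else
+parts.compact.map { |part| escape(part) }.join('.')
+end
 end
 
 end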
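Review bot: `escape`, `escape_function` and `escape_and_join` now return any `SafeString` argument verbatim, so the `is_a?(SafeString)` check is the only barrier between a caller-supplied fragment and the generated SQL, and nothing in these hunks documents that contract. SafeString is defined in lib/sqb/safe_string.rb, which this page lists but does not show, so how instances get created is an assumption here; if application code can wrap request data in one, both the backtick doubling and the `[^a-z0-9\_]` filter are skipped. I would add a comment above `escape` along the lines of `# SafeString values are emitted unescaped; build them only from literals in your own code, never from user input.` and repeat it on `escape_function`. Separately, the new `:like` / `:not_like` branches pass the pattern through `value_escape` only, which presumably quotes the value but leaves `%` and `_` active, so callers matching on untrusted text need to escape those wildcards themselves; that deserves a line in the operator documentation.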
data/lib/sqb/version.rb
CHANGED
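--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqb
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Adam Cooke
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-02-
+date: 2018-02-27 00:00:00.000000000 Z
 dependencies: []
 description: A friendly SQL builder for MySQL.
 email:
@@ -20,6 +20,7 @@ files:
 - lib/sqb.rb
 - lib/sqb/error.rb
 - lib/sqb/query.rb
+- lib/sqb/safe_string.rb
 - lib/sqb/version.rb
 homepage: https://github.com/adamcooke/sqb
 licenses: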