@digitalwalletcorp/sql-builder 1.0.0 → 1.0.1
- package/package.json +1 -1
- package/src/sql-builder.ts +18 -1
package/package.json
CHANGED
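--- a/package/src/sql-builder.ts
+++ b/package/src/sql-builder.ts
@@ -290,6 +290,8 @@ export class SQLBuilder {
 }
 }
 
+// 最後に余った部分を追加する
+result += template.substring(pos.index);
 return result;
 }
 
@@ -429,7 +431,7 @@ export class SQLBuilder {
 if (Array.isArray(value)) {
 result = `(${value.map(v => typeof v === 'string' ? `'${v}'` : v).join(',')})`;
 } else {
-result = typeof value === 'string' ? `'${value}'` : value;
+result = typeof value === 'string' ? `'${this.escape(value)}'` : value;
 }
 return result as ExtractValueType<T>;
 }
@@ -438,4 +440,19 @@ export class SQLBuilder {
 return undefined as ExtractValueType<T>;
 }
 }
+
+/**
+* SQLインジェクション対策
+* * シングルクォートのエスケープ
+* * バックスラッシュのエスケープ
+*
+* @param {string} str
+* @returns {string}
+*/
+private escape(str: string): string {
+let escapedString = str;
+escapedString = escapedString.replace(/'/g, '\'\'');
+escapedString = escapedString.replace(/\\/g, '\\\\');
+return escapedString;
+}
 }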