mm_mysql 1.7.2 → 1.7.3
- package/package.json +1 -1
- package/sql.js +48 -38
- package/test.js +12 -1
package/package.json
CHANGED
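--- a/package/sql.js
+++ b/package/sql.js
@@ -328,20 +328,20 @@ Sql.prototype.groupMathSql = async function(where, groupby, view, sort, method)
 if (view.indexOf(",") !== -1) {
 var arr = view.split(",");
 for (var i = 0; i < arr.length; i++) {
-var str =
+var str = escapeId(arr[i]);
 viewStr += "," + method.toUpperCase() + "(" + str + ") " + method.toLowerCase() + "_" + str.replace(
 /`/g, "")
 }
 } else {
-viewStr = "," + method.toUpperCase() + "(" +
+viewStr = "," + method.toUpperCase() + "(" + escapeId(view) + ") " + method.toLowerCase() + "_" +
 view.replace(/`/g, "")
 }
-var sql = "SELECT " + (groupby ?
+var sql = "SELECT " + (groupby ? escapeId(groupby) : "") + viewStr + " FROM `" + this.table + "`";
 if (where) {
 sql += ' WHERE ' + where;
 }
 if (groupby) {
-sql += " GROUP BY " +
+sql += " GROUP BY " + escapeId(groupby);
 }
 if (sort) {
 sql += " ORDER BY " + sort;
@@ -453,34 +453,39 @@ Sql.prototype.toWhere = function(obj, like) {
 if (like) {
 for (var k in obj) {
 var val = obj[k];
+if (val && typeof(val) === "string") {
+val = val.trim("'");
+}
 if (k.endWith('_min')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_min', '')) + " >= " + escape(val);
 } else if (k.endWith('_max')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_max', '')) + " <= " + escape(val);
 } else if (k.endWith('_not')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_not', '')) + " != " + escape(val);
 } else if (k.endWith('_has')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_has', '')) + " in (" + val + ")";
 } else if (typeof(val) === "string" && !/^[0-9]+$/.test(val)) {
-where += " and " +
+where += " and " + escapeId(k) + " LIKE '%" + escape(val).trim("'") + "%'"
 } else {
-where += " and " +
+where += " and " + escapeId(k) + " = " + val
 }
 }
 } else {
 for (var k in obj) {
 var val = obj[k];
+if (val && typeof(val) === "string") {
+val = val.trim("'");
+}
 if (k.endWith('_min')) {
-where += " and " +
-''));
+where += " and " + escapeId(k.replace('_min', '')) + " >= " + escape(val);
 } else if (k.endWith('_max')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_max', '')) + " <= " + escape(val);
 } else if (k.endWith('_not')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_not', '')) + " != " + escape(val);
 } else if (k.endWith('_has')) {
-where += " and " +
+where += " and " + escapeId(k.replace('_has', '')) + " in (" + val.replace(/`/gi, "") + ")";
 } else {
-where += " and " +
+where += " and " + escapeId(k) + "=" + escape(val);
 }
 }
 }
@@ -495,15 +500,19 @@ Sql.prototype.toWhere = function(obj, like) {
 Sql.prototype.toSet = function(obj) {
 var set = "";
 for (var k in obj) {
-var val =
+var val = obj[k];
+if (val && typeof(val) == "string") {
+val = val.trim("'");
+}
+val = escape(val);
 if (k.endWith('_add')) {
-var k2 =
+var k2 = escapeId(k.replace('_add', ''));
 set += "," + k2 + " = " + k2 + " + " + val;
 } else if (k.endWith('_del')) {
-var k3 =
+var k3 = escapeId(k.replace('_del', ''));
 set += "," + k3 + " = " + k3 + " - " + val;
 } else {
-set += "," +
+set += "," + escapeId(k) + " = " + val;
 }
 }
 return set.replace(",", "");
@@ -518,8 +527,8 @@ Sql.prototype.toAddSql = function(item) {
 var key = "";
 var val = "";
 for (var k in item) {
-key += "," +
-val += "," +
+key += "," + escapeId(k);
+val += "," + escape(item[k]);
 }
 var sql = "INSERT INTO `{0}` ({1}) VALUES ({2});";
 return sql.replace("{0}", this.table).replace("{1}", key.replace(",", "")).replace("{2}", val.replace(",", ""));
@@ -755,12 +764,12 @@ Sql.prototype.tpl_query = function(paramDt, sqlDt) {
 var sl = "(";
 var len = arr.length;
 for (var i = 0; i < len; i++) {
-sl += " || " + tpl.replaceAll("{0}",
+sl += " || " + tpl.replaceAll("{0}", escape(arr[i]).trim("'"));
 }
 sl = sl.replace(" || ", "") + ")";
 sql += " && " + sl;
 } else {
-sql += " && " + tpl.replaceAll("{0}",
+sql += " && " + tpl.replaceAll("{0}", escape(value).trim("'"));
 }
 } else {
 if (arr.length > 1) {
@@ -768,22 +777,23 @@ Sql.prototype.tpl_query = function(paramDt, sqlDt) {
 var sl = "(";
 var len = arr.length;
 for (var i = 0; i < len; i++) {
-sl += " || " +
+sl += " || " + escapeId(key) + " = " + escape(arr[i]);
 }
 sl = sl.replace(" || ", "") + ")";
 sql += " && " + sl;
 } else {
-sql += " && " +
+sql += " && " + escapeId(key) + " = " + escape(value);
 }
 }
 }
 } else {
 for (var key in paramDt) {
-var value =
+var value = paramDt[key];
+value = escape(value);
 if (sqlDt[key]) {
 sql += " && " + sqlDt[key].replaceAll("{0}", value.trim("'"));
 } else {
-sql += " && " +
+sql += " && " + escapeId(key) + " = " + value;
 }
 }
 }
@@ -800,18 +810,18 @@ Sql.prototype.tpl_query = function(paramDt, sqlDt) {
 var sl = "(";
 var len = arr.length;
 for (var i = 0; i < len; i++) {
-sl += " || " +
+sl += " || " + escapeId(key) + " = " + escape(arr[i]);
 }
 sl = sl.replace(" || ", "") + ")";
 sql += " && " + sl;
 } else {
-sql += " && " +
+sql += " && " + escapeId(key) + " = " + escape(value);
 }
 }
 } else {
 // 直接拼接
 for (var key in paramDt) {
-sql += " && " +
+sql += " && " + escapeId(key) + " = " + escape(paramDt[key]);
 }
 }
 }
@@ -828,19 +838,19 @@ Sql.prototype.tpl_body = function(paramDt, sqlDt) {
 var sql = "";
 if (!sqlDt || sqlDt.length === 0) {
 for (var key in paramDt) {
-sql += "
+sql += ", " + escapeId(key) + " = " + escape(val[key]);
 }
 } else {
 for (var key in paramDt) {
-var value =
+var value = escape(paramDt[key]);
 if (sqlDt[key]) {
-sql += "
+sql += ", " + sqlDt[key].replace("{0}", value).replace('+ -', '- ').replace('- -', '+ ');
 } else {
-sql += "
+sql += ", " + escapeId(key) + " = " + value;
 }
 }
 }
-return sql.replace("
+return sql.replace(", ", "");
 };
 
 /**
@@ -892,7 +902,7 @@ Sql.prototype.getObj = async function(query, sort, view, like) {
 var key = this.key;
 if (key) {
 if (view && view.indexOf(key) === -1 && view.indexOf('*') === -1) {
-view += "," +
+view += "," + escapeId(key);
 }
 }
 if (like === undefined) {
@@ -912,4 +922,4 @@ Sql.prototype.getObj = async function(query, sort, view, like) {
 }
 };
 
-module.exports = Sql;
+module.exports = Sql;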
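Review bot: In the toWhere hunk the two `_has` branches and the like-mode final `else` still concatenate `val` into the statement without `escape()`, so the escaping added in this release does not cover every value path: `" in (" + val + ")"` (the non-like variant only strips backticks) and `escapeId(k) + " = " + val`. That last branch is reached by every non-string value as well as digit-only strings, so an array or object value is stringified straight into the WHERE clause. I would escape it like the sibling branches, `where += " and " + escapeId(k) + " = " + escape(val);`, and build the IN list from individually escaped items, e.g. `String(val).split(",").map(function(v) { return escape(v.trim()); }).join(",")`, assuming callers pass a comma-separated list. Separately, the tpl_body hunk calls `escape(val[key])` although no `val` is declared in the visible lines; `paramDt[key]` looks intended. Both toWhere and tpl_body start outside their hunks, so the declarations above these lines should be checked.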
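--- a/package/test.js
+++ b/package/test.js
@@ -81,14 +81,25 @@ async function test_tpl_get() {
 db.table = 'user_account';
 var query = {
 gm_min: 2,
-username: 'ad%m'
+username: '\'ad%m'
 };
 db.page = 1;
 db.size = 5;
 var query_str = db.tpl_query(query, tpl.query);
 ret = await db.getCountSql(query_str, "`user_id` desc", "*");
+
 console.log('查询结果', ret);
 console.log('SQL语句', db.sql);
+
+var o = ret.list[0];
+console.log("查询结果", o);
+o.user_id = await db.count() + 1;
+o.nickname = "'广东'小伙";
+// await db.add(o);
+await db.addOrSet({
+user_id: o.user_id
+}, o);
+console.log(db.sql);
 
 ret = await db.groupSumSql(query_str, "mc", "gm");
 console.log('求和查询结果', ret);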
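Review bot: The new quote-handling cases in test_tpl_get only `console.log` the generated SQL, so nothing fails if a quote in `username` or `nickname` reaches the statement unescaped. An assertion on `db.sql` after each call would turn these lines into a regression test for the escaping this release adds. `var o = ret.list[0];` also assumes the query returned at least one row, and the following `o.user_id = ...` throws a TypeError otherwise; a guard such as `if (!ret.list || !ret.list.length) { throw new Error('no rows returned'); }` makes that failure explicit. The function continues outside the hunk.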