-
-
Notifications
You must be signed in to change notification settings - Fork 6.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
escape columns in InsertQueryBuilder.orUpdate #6316
Conversation
if (statement && Array.isArray(statement.columns)) | ||
this.expressionMap.onUpdate.columns = statement.columns.map(column => `${column} = :${column}`).join(", "); | ||
this.expressionMap.onUpdate.columns = statement.columns.map(column => `${this.escape(column)} = :${column}`).join(", "); | ||
if (statement && Array.isArray(statement.overwrite)) { | ||
if (this.connection.driver instanceof MysqlDriver || this.connection.driver instanceof AuroraDataApiDriver) { | ||
this.expressionMap.onUpdate.overwrite = statement.overwrite.map(column => `${column} = VALUES(${column})`).join(", "); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why did you ignore a mysql?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i do not work with MySQL so i don't know if it's needed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MySQL might not need this as it preserves case sensitivity for column names if no quotes. https://seeq.atlassian.net/wiki/spaces/KB/pages/443088907/SQL+Column+Names+and+Case+Sensitivity
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we escape MySQL anyways as part of this to improve that side of things as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In code for columns pleerock removed extra escaping from columns some two years ago :) . So probably more stable decision needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so what is the decision? should i add escaping for MySQL or not? I didn't work with MySQL for few years now so i do not know if it's needed or if it breaks something when it's escaped when you don't need to escape.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gintsgints do you have any insights on why we removed extra escaping?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Vrtak-CZ it will be consistent if we add for MySQL as well. Case sensitivity preservation is a configuration option that is different by default in different databases.
You are sure |
7220090
to
0a65444
Compare
I'm not.
Few tests added |
Can you rebase against master so the tests kick off fully? |
0a65444
to
c977ae3
Compare
@imnotjames done |
Unfortunately, some test failures.
|
1f73bd6
to
86198a6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a great change to make. Test cases can be improved, maybe.
test/functional/query-builder/insert-on-conflict/query-builder-insert-on-conflict.ts
Show resolved
Hide resolved
if (statement && Array.isArray(statement.columns)) | ||
this.expressionMap.onUpdate.columns = statement.columns.map(column => `${column} = :${column}`).join(", "); | ||
this.expressionMap.onUpdate.columns = statement.columns.map(column => `${this.escape(column)} = :${column}`).join(", "); | ||
if (statement && Array.isArray(statement.overwrite)) { | ||
if (this.connection.driver instanceof MysqlDriver || this.connection.driver instanceof AuroraDataApiDriver) { | ||
this.expressionMap.onUpdate.overwrite = statement.overwrite.map(column => `${column} = VALUES(${column})`).join(", "); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we escape MySQL anyways as part of this to improve that side of things as well?
50d9fb6
to
717ccc1
Compare
717ccc1
to
1238d63
Compare
is there anything more I can do? |
Sorry for delayed merge. Thank you for contribution! |
Fixies this use-case
because it generates:
and it causes:
instead of: