How to use the mysql.escapeId function in mysql

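To help you get started, we’ve selected a few mysql examples, based on popular ways it is used in public projects. Note that mysql.escapeId quotes identifiers (table and column names) only; values belong in `?` placeholders or mysql.escape, and some of the snippets below still concatenate other text into the query unescaped.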


github gmalysa / db-filters / lib / queries.js View on Github external
return _.map(v, function(v, k) {
					// the table name for the key and the escaped identifier
					return mysql.escapeId(tables[k]) + '.' + mysql.escapeId(v);
				}).join(' = ');
			}).join(' AND ');
github careerbuilder / CloudSeed / tools / mysql_tools.js View on Github external
// Borrow a pooled connection and upsert one row into the `stacks` table
// (INSERT ... ON DUPLICATE KEY UPDATE). Results and errors go to `callback`.
pool.getConnection(function(err, connection) {
      if(err) {
        console.log('Error connecting to database');
        return callback(err);
      }
      // Build the "col=VALUES(col)" list for the UPDATE half of the upsert.
      // Every enumerable key of k_v becomes a column here. escapeId() quotes the
      // name as an identifier, so it cannot break out of the statement, but it
      // does not check that the column is one of the six inserted below.
      // NOTE(review): if k_v can carry caller-supplied keys, reduce it to a fixed
      // column list before this loop -- confirm against callers.
      var update = "";
      for(var col in k_v){
        if(update.length>0){
          update+=', ';
        }
        update += mysql.escapeId(col)+'=VALUES('+mysql.escapeId(col)+')';
      }
      // Identifiers are concatenated after escapeId(); the six values stay as ?
      // placeholders and are supplied separately to connection.query().
      var q ='INSERT INTO ' + mysql.escapeId(dbName + '.stacks')+' (`Name`, `Region`, `Ready`, `Template`, `Parts`, `Variables`) VALUES(?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE '+update+';';
      connection.query(q, [k_v.Name, k_v.Region, k_v.Ready||false, JSON.stringify(k_v.Template), JSON.stringify(k_v.Parts), JSON.stringify(k_v.Variables)], function(err, result) {
        // Released before the error check so the connection returns to the pool on both paths.
        connection.release();
        if(err){
          console.log('Error adding stack');
          return callback(err);
        }
        return callback(null, result);
      });
    });
  }
github careerbuilder / CloudSeed / tools / mysql_tools.js View on Github external
// Borrow a pooled connection and upsert one row into the `stacks` table
// (INSERT ... ON DUPLICATE KEY UPDATE). Results and errors go to `callback`.
pool.getConnection(function(err, connection) {
      if(err) {
        console.log('Error connecting to database');
        return callback(err);
      }
      // Build the "col=VALUES(col)" list for the UPDATE half of the upsert.
      // Every enumerable key of k_v becomes a column here. escapeId() quotes the
      // name as an identifier, so it cannot break out of the statement, but it
      // does not check that the column is one of the six inserted below.
      // NOTE(review): if k_v can carry caller-supplied keys, reduce it to a fixed
      // column list before this loop -- confirm against callers.
      var update = "";
      for(var col in k_v){
        if(update.length>0){
          update+=', ';
        }
        update += mysql.escapeId(col)+'=VALUES('+mysql.escapeId(col)+')';
      }
      // Identifiers are concatenated after escapeId(); the six values stay as ?
      // placeholders and are supplied separately to connection.query().
      var q ='INSERT INTO ' + mysql.escapeId(dbName + '.stacks')+' (`Name`, `Region`, `Ready`, `Template`, `Parts`, `Variables`) VALUES(?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE '+update+';';
      connection.query(q, [k_v.Name, k_v.Region, k_v.Ready||false, JSON.stringify(k_v.Template), JSON.stringify(k_v.Parts), JSON.stringify(k_v.Variables)], function(err, result) {
        // Released before the error check so the connection returns to the pool on both paths.
        connection.release();
        if(err){
          console.log('Error adding stack');
          return callback(err);
        }
        return callback(null, result);
      });
    });
  }
github projectOpenRAP / OpenRAP / dbsdk2 / index.js View on Github external
// Append one clause per filter to `query`: the first filter opens the WHERE,
// later ones are chained with OR (filter.if) or AND (filter.onlyIf).
// The callback returns nothing; map() is used here only for its side effect on `query`.
filters.map((filter, index) => {
            if(index === 0) {
                // Only the column name (filter.by) is quoted, via escapeId().
                // The comparison text in filter.if / filter.onlyIf is appended verbatim.
                // NOTE(review): if that text can contain caller-supplied values it is
                // an injection point; carry the value as a ? placeholder instead --
                // confirm against callers.
                // .trim() throws a TypeError when neither property is set.
                query = [
                            query,
                            'WHERE',
                            mysql.escapeId(filter.by),
                            (filter.if || filter.onlyIf).trim(),
                        ].join(' ');
            }
            else {
                // An absent property leaves `undefined` in its slot, which join()
                // renders as an empty string, so only the matching keyword appears.
                query = [
                            query,
                            filter.if && 'OR',
                            filter.onlyIf && 'AND',
                            mysql.escapeId(filter.by),
                            (filter.if || filter.onlyIf).trim(),
                        ].join(' ');
            }
        });
    }
github fanfank / aap / backend / src / libs / sql.js View on Github external
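// Build one "`column`=value" fragment per entry of `tuples`, then join them
// with `seperator` into `sql`. basic.keys is defined elsewhere; presumably it
// returns the object's keys -- verify.
var escapedTuples = basic.keys(tuples).map(function(key) {
            // Column name: quoted as an identifier.
            // Value: always routed through mysql.escape(), whatever its type.
            // Escaping only when typeof value is 'string' would let an array or
            // object be stringified into the statement unquoted, so a caller
            // that can choose the value's type could bypass the escaping.
            // Numbers and booleans render the same as before.
            return mysql.escapeId(key) + '=' + mysql.escape(tuples[key]);
        });
        sql = escapedTuples.join(seperator);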
github shadow88sky / shadow-mysql / index.js View on Github external
/**
 * Assemble a SELECT statement as a plain string.
 *
 * Only `table` is passed through mysql.escapeId(). The entries of `columns`
 * are joined with ',' and placed in the statement verbatim.
 * NOTE(review): column names are therefore not quoted or validated here; if
 * they can come from a caller-controlled source, check them against a fixed
 * list before calling -- confirm against callers.
 *
 * @param {string} table - Table name; quoted as an identifier.
 * @param {Array} columns - Column expressions. Anything that is not an Array
 *   yields an empty column list.
 * @param {Object} [where] - When truthy, rendered by
 *   convertObjectToSQLStringKV(where, '=', 'and') and appended after " AND ".
 * @param {*} condition - Handed to conditionToSQLString(); its result is
 *   appended last.
 * @returns {string} The SQL text.
 */
function makeSQLSelect(table, columns, where, condition) {
    const columnList = columns instanceof Array ? columns.join(',') : '';
    const head = "SELECT " + columnList + " FROM " + mysql.escapeId(table) + " WHERE 1=1 ";
    // "WHERE 1=1" lets every later predicate be appended with a leading AND.
    const filter = where ? " AND " + convertObjectToSQLStringKV(where, '=', 'and') : '';
    return head + filter + conditionToSQLString(condition);
}
github google / node-sec-roadmap / chapter-7 / examples / sql / index.js View on Github external
/**
 * Escape `value` for a position that is already inside an open delimiter.
 *
 * The value is stringified, escaped with the matching mysql helper, and the
 * outer quote characters that helper adds are removed again, because the
 * surrounding text supplies them.
 *
 * NOTE(review): escapeId() treats '.' as a qualifier separator by default, so
 * a value containing '.' comes back with an inner backtick pair around the
 * dot. Confirm qualified names are intended here; escapeId(value, true) keeps
 * the dot inside a single identifier.
 *
 * @param {*} value - Value to embed; coerced with String().
 * @param {string} delimiter - The open delimiter. '`' selects identifier
 *   escaping; anything else selects value escaping.
 * @returns {string} Escaped text without its outer delimiters.
 */
function escapeDelimitedValue (value, delimiter) {
  const text = String(value)
  if (delimiter !== '`') {
    const quoted = mysql.escape(text)
    // Drop the first and last character, i.e. the quotes added by escape().
    return quoted.substring(1, quoted.length - 1)
  }
  return mysql.escapeId(text).replace(/^`|`$/g, '')
}
github ryan-sandy / mysql-crud / crud.js View on Github external
// Borrow a pooled connection, build a SELECT from `table`, `attrs` and the
// optional `opts` (columns, order, desc, limit, offset), run it, and pass the
// rows or the error to `next`.
db.getConnection(function (conErr, connection) {
        if (conErr) {
          return next(conErr);
        }
        var query, columns = '*';
        if (opts && opts.columns) {
          // Caller-chosen columns are quoted as identifiers.
          columns = mysql.escapeId(opts.columns);
        }
        try {
          // NOTE(review): `table` is concatenated as-is; it is not passed through
          // escapeId() in this view. Confirm it is fixed when the module is set up
          // and never request-derived, or quote it with mysql.escapeId().
          // andEscape is defined elsewhere; presumably it expands ?? from attrs.
          // It can throw, hence the try/catch.
          query = andEscape("SELECT " + columns + " FROM " + table + " WHERE ??", attrs);
        } catch (e) {
          return next(e);
        }
          if (opts && opts.order) {
              // Sort column is quoted as an identifier.
              query += ' ORDER BY ' + mysql.escapeId(opts.order);
          }
          if (opts && opts.order && opts.desc) {
              // Fixed keyword; only the truthiness of opts.desc is used.
              query += ' DESC ';
          }
        if (opts && opts.limit) {
          // mysql.escape() renders a string argument as a quoted literal, which
          // MySQL is not expected to accept in LIMIT/OFFSET.
          // NOTE(review): coerce limit and offset to integers before this point
          // -- TODO confirm callers always pass numbers.
          query += ' LIMIT ' + mysql.escape(opts.limit);
        }
        if (opts && opts.limit && opts.offset) {
          query += ' OFFSET ' + mysql.escape(opts.offset);
        }
        // No bound parameters: every value has already been inlined above.
        connection.query(query, function (err, rows) {
          connection.release();
          next(err, rows);
        });
      });
    },
github projectOpenRAP / OpenRAP / dbsdk2 / index.js View on Github external
// Append one clause per filter to `query`: the first filter opens the WHERE,
// later ones are chained with OR (filter.if) or AND (filter.onlyIf).
// The callback returns nothing; map() is used here only for its side effect on `query`.
filters.map((filter, index) => {
            if(index === 0) {
                // Only the column name (filter.by) is quoted, via escapeId().
                // The comparison text in filter.if / filter.onlyIf is appended verbatim.
                // NOTE(review): if that text can contain caller-supplied values it is
                // an injection point; carry the value as a ? placeholder instead --
                // confirm against callers.
                // .trim() throws a TypeError when neither property is set.
                query = [
                            query,
                            'WHERE',
                            mysql.escapeId(filter.by),
                            (filter.if || filter.onlyIf).trim(),
                        ].join(' ');
            }
            else {
                // An absent property leaves `undefined` in its slot, which join()
                // renders as an empty string, so only the matching keyword appears.
                // Unlike the first clause, the comparison text is not trimmed here.
                query = [
                            query,
                            filter.if && 'OR',
                            filter.onlyIf && 'AND',
                            mysql.escapeId(filter.by),
                            (filter.if || filter.onlyIf),
                        ].join(' ');
            }
        });
    }