mysqljs / sqlstring

Simple SQL escape and format for MySQL
MIT License

can you add function for SELECT sql query #55

Closed devorel closed 4 years ago

devorel commented 4 years ago

https://github.com/mysqljs/sqlstring/blob/d3cd69ae47e83c610392c276e9e02357e0b740eb/lib/SqlString.js#L80

```js
if (Object.keys(values).length > 1 && sql.toLowerCase().indexOf('select ') > -1 && (query.split(' ? ').length - 1) == 1) {
    sql = sql.replace('?', Object.keys(values).map((i) => {
        return `${i}='${values[i]}'`;
    }).join(' AND '));
    values = 0;
}
```

When I put some values in for a SELECT SQL query, I get an error! So this adds "AND" between the parameters: 1) if it is a SELECT SQL query, 2) if there are over 2 values (because one works great), 3) if there is just one ? symbol (support in full query).

Example:

SELECT * FROM `customers` WHERE ?,{id:12345} =SELECT * FROM `customers` WHERE id='12345' //WORK

SELECT * FROM `customers` WHERE ?,{id:12345,pass:'pass'} =SELECT * FROM `customers` WHERE id='12345'**,** pass='pass',
Error! So the comma needs to be replaced with "AND", like:
SELECT * FROM `customers` WHERE ?,{id:12345,pass:'pass'} =SELECT * FROM `customers` WHERE id='12345' AND  pass='pass', 

SELECT * FROM `customers` WHERE id=? OR pass=?,{id:12345,pass:'pass'} =SELECT * FROM `customers` WHERE id='12345' OR pass='pass', //WORK (keep the old integration)
dougwilson commented 4 years ago

Hi @devorel your use-case is beyond this module. You would likely be interested in the various SQL query-builder modules on npm like https://hiddentao.github.io/squel/ . This module is just for escaping values, not for fully building queries.
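
As an added example (not code from sqlstring or from either commenter): one way to get AND-joined conditions from an object while leaving all escaping to the module's `??` (identifier) and `?` (value) placeholders, instead of interpolating values into the string. The helper name `whereAll` and the sample values are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical helper, not part of sqlstring: builds an AND-joined WHERE
// fragment that contains placeholders only, plus the matching value list.
function isScalar(v) {
  return ['string', 'number', 'boolean'].includes(typeof v) || v instanceof Date;
}

function whereAll(conditions) {
  const keys = Object.keys(conditions);
  if (keys.length === 0) {
    // An empty filter would otherwise yield "WHERE" with nothing after it.
    throw new Error('whereAll: at least one condition is required');
  }
  const parts = [];
  const values = [];
  for (const key of keys) {
    const value = conditions[key];
    if (value === null) {
      // "col = NULL" never matches in SQL, so emit IS NULL instead.
      parts.push('?? IS NULL');
      values.push(key);
    } else if (Array.isArray(value) && value.length > 0 && value.every(isScalar)) {
      // sqlstring expands a flat array bound to "?" into a comma-separated list.
      parts.push('?? IN (?)');
      values.push(key, value);
    } else if (isScalar(value)) {
      parts.push('?? = ?');
      values.push(key, value);
    } else {
      // sqlstring expands a nested object into `key` = 'value' pairs, so an
      // object taken from request input must never reach a "?" placeholder.
      throw new TypeError(`whereAll: unsupported value for "${key}"`);
    }
  }
  return { sql: parts.join(' AND '), values };
}

// Constructed sample input mirroring the issue's example; the quote in
// `pass` stays data because it is bound, not concatenated.
const where = whereAll({ id: 12345, pass: "pa'ss" });
const sql = 'SELECT * FROM ?? WHERE ' + where.sql;
const params = ['customers', ...where.values];
// Hand both to SqlString.format(sql, params) or connection.query(sql, params).
```
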