insert 生成的语句有转义问题

wangweianger / mysqls

It is written in JavaScript,crud for mysql.You can also use transactions very easily.

Other

107 stars 23 forks source link

insert 生成的语句有转义问题 #15

Open everlose opened 3 years ago

everlose commented 3 years ago

insert 插入

> sql.table('product').data({name: '"sdsd"'}).insert()
`INSERT INTO product (name) VALUES ('\\"sdsd\\"')`

> sql.table('product').data({name: '```var date = new Date()```'}).insert()
"INSERT INTO product (name) VALUES (''''var date = new Date()'''')"

看起来你防住了 "，但是没有防住 `

everlose commented 3 years ago

哦我明白了，看起来你是吧 ` 强行转为了 '

everlose commented 3 years ago

const sqlStr = `SELECT ${result.replace(/'/g, '\'').replace(/`/g, '\'')} `;

这句话可以去掉 replace(/`/g, '\'') 的描述吧