Fix crash with objects and symbols

dxg · dxg · commit 244151f8c918 · 2018-06-27T12:15:35.000Z
diff --git a/.travis.yml b/.travis.yml
@@ -1,6 +1,6 @@
 language: node_js
 node_js:
-  - '0.8'
-  - '0.10'
-  - '0.12'
-  - 'iojs'
+  - '4'
+  - '6'
+  - '8'
+  - '10'
diff --git a/Changelog.md b/Changelog.md
@@ -1,3 +1,7 @@
+### v0.1.27 - 27 Jun 2018
+
+- Handle objects & symbols causing crash in driver 'escapeVal' (#54)
+
 ### v0.1.26 - 16 May 2015
 
 - Add support for SELECT TOP construct for mssql dialect for limit (#41)
diff --git a/lib/Dialects/mssql.js b/lib/Dialects/mssql.js
@@ -30,7 +30,7 @@ exports.escapeId = function () {
 };
 
 exports.escapeVal = function (val, timeZone) {
-	if (val === undefined || val === null) {
+	if (val === undefined || val === null || typeof val === "symbol") {
 		return 'NULL';
 	}
 
@@ -60,6 +60,10 @@ exports.escapeVal = function (val, timeZone) {
 			return val ? 1 : 0;
 		case "function":
 			return val(exports);
+		case "string":
+			break;
+		default:
+			val = JSON.stringify(val);
 	}
 
 	return "'" + val.replace(/\'/g, "''") + "'";
diff --git a/lib/Dialects/mysql.js b/lib/Dialects/mysql.js
@@ -30,7 +30,7 @@ exports.escapeId = function () {
 };
 
 exports.escapeVal = function (val, timeZone) {
-	if (val === undefined || val === null) {
+	if (val === undefined || val === null || typeof val === "symbol") {
 		return 'NULL';
 	}
 
diff --git a/lib/Dialects/postgresql.js b/lib/Dialects/postgresql.js
@@ -30,7 +30,7 @@ exports.escapeId = function () {
 };
 
 exports.escapeVal = function (val, timeZone) {
-	if (val === undefined || val === null) {
+	if (val === undefined || val === null || typeof val === "symbol") {
 		return 'NULL';
 	}
 
@@ -60,6 +60,10 @@ exports.escapeVal = function (val, timeZone) {
 			return val ? "true" : "false";
 		case "function":
 			return val(exports);
+		case "string":
+			break;
+		default:
+			val = JSON.stringify(val);
 	}
 	// No need to escape backslashes with default PostgreSQL 9.1+ config.
 	// Google 'postgresql standard_conforming_strings' for details.
diff --git a/lib/Dialects/sqlite.js b/lib/Dialects/sqlite.js
@@ -18,7 +18,7 @@ exports.escape = function (query, args) {
 exports.escapeId = require("./mysql").escapeId;
 
 exports.escapeVal = function (val, timeZone) {
-	if (val === undefined || val === null) {
+	if (val === undefined || val === null || typeof val === "symbol") {
 		return 'NULL';
 	}
 
@@ -48,6 +48,10 @@ exports.escapeVal = function (val, timeZone) {
 			return val ? 1 : 0;
 		case "function":
 			return val(exports);
+		case "string":
+			break;
+		default:
+			val = JSON.stringify(val);
 	}
 
 	// No need to escape backslashes with default PostgreSQL 9.1+ config.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -5,15 +5,20 @@
 	"keywords": [
 		"sql",
 		"query"
-  	],
-	"version": "0.1.26",
+	],
+	"version": "0.1.27",
 	"license": "MIT",
 	"repository": {
 		"url": "http://github.com/dresende/node-sql-query"
 	},
 	"contributors": [
-		{ "name" : "Benjamin Pannell", "email" : "admin@sierrasoftworks.com" },
-		{ "name" : "Arek W" }
+		{
+			"name": "Benjamin Pannell",
+			"email": "admin@sierrasoftworks.com"
+		},
+		{
+			"name": "Arek W"
+		}
 	],
 	"scripts": {
 		"test": "make"
diff --git a/test/integration/test-dialect-mssql.js b/test/integration/test-dialect-mssql.js
@@ -69,6 +69,16 @@ assert.equal(
   "0"
 );
 
+assert.equal(
+  dialect.escapeVal({ key: 'value' }),
+  "'{\"key\":\"value\"}'"
+);
+
+assert.equal(
+  dialect.escapeVal(Symbol("why does this exist")),
+  "NULL"
+)
+
 assert.equal(
   dialect.escapeVal(new Date(d.getTime() + tzOffsetMillis)),
   "'2013-09-04 19:15:11.133'"
diff --git a/test/integration/test-dialect-mysql.js b/test/integration/test-dialect-mysql.js
@@ -69,6 +69,16 @@ assert.equal(
 	"false"
 );
 
+assert.equal(
+  dialect.escapeVal({ key: 'value' }),
+  "`key` = 'value'"
+);
+
+assert.equal(
+	dialect.escapeVal(Symbol("why does this exist")),
+	"NULL"
+)
+
 assert.equal(
 	dialect.escapeVal(new Date(d.getTime() + tzOffsetMillis)),
 	"'2013-09-04 19:15:11.133'"
diff --git a/test/integration/test-dialect-postgresql.js b/test/integration/test-dialect-postgresql.js
@@ -74,6 +74,16 @@ assert.equal(
 	"false"
 );
 
+assert.equal(
+  dialect.escapeVal({ key: 'value' }),
+  "'{\"key\":\"value\"}'"
+);
+
+assert.equal(
+	dialect.escapeVal(Symbol("why does this exist")),
+	"NULL"
+)
+
 assert.equal(
 	dialect.escapeVal(new Date(d.getTime() + tzOffsetMillis)),
 	"'2013-09-04 19:15:11.133'"
diff --git a/test/integration/test-dialect-sqlite.js b/test/integration/test-dialect-sqlite.js
@@ -69,6 +69,16 @@ assert.equal(
 	"0"
 );
 
+assert.equal(
+  dialect.escapeVal({ key: 'value' }),
+  "'{\"key\":\"value\"}'"
+);
+
+assert.equal(
+	dialect.escapeVal(Symbol("why does this exist")),
+	"NULL"
+)
+
 assert.equal(
 	dialect.escapeVal(new Date(d.getTime() + tzOffsetMillis)),
 	"'2013-09-04 19:15:11.133'"

-Original file line number
+Diff line change
@@ @@ -1,6 +1,6 @@ @@
 language: node_js
 node_js:
 -  - '0.8'
 -  - '0.10'
 -  - '0.12'
 -  - 'iojs'
 +  - '4'
 +  - '6'
 +  - '8'
 +  - '10'
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ exports.escapeId = function () {`
`30`	`30`	`};`
`31`	`31`
`32`	`32`	`exports.escapeVal = function (val, timeZone) {`
`33`		`- if (val === undefined \|\| val === null) {`
	`33`	`+ if (val === undefined \|\| val === null \|\| typeof val === "symbol") {`
`34`	`34`	`return 'NULL';`
`35`	`35`	`}`
`36`	`36`