temp
jamadam committed Oct 21, 2024
1 parent 76b2e26 commit f58042a
Showing 2 changed files with 30 additions and 1 deletion.
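--- a/lib/Data/ObjectDriver/SQL.pm
+++ b/lib/Data/ObjectDriver/SQL.pm
@@ -147,6 +147,15 @@ sub as_sql_having {
 '';
 }
 
+sub as_escape {
+my ($stmt, $escape_char) = @_;
+
+# escape_char can be ''(two quotes), or \\ for mysql and \ for others, but it doesn't accept any injections.
+die 'escape_char length must be up to two characters' if defined($escape_char) && length($escape_char) > 2;
+
+return " ESCAPE '$escape_char'";
+}
+
 sub add_where {
 my $stmt = shift;
 ## xxx Need to support old range and transform behaviors.
@@ -270,6 +279,7 @@ sub _mk_term {
 $term = "$c $val->{op} " . ${$val->{value}};
 } else {
 $term = "$c $val->{op} ?";
+$term .= $stmt->as_escape($val->{escape}) if $val->{escape} && $op =~ /^(?:NOT\s+)?I?LIKE$/;
 push @bind, $val->{value};
 }
 }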
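Review bot: The length limit in `as_escape` does not give the guarantee its comment states: any one- or two-character value is interpolated into `ESCAPE '...'`, and a value containing an unpaired `'` leaves the string literal unbalanced, so the statement text is still shaped by the caller's input. An allowlist of the accepted forms is tighter than a length check, for example `die 'invalid escape_char' unless $escape_char =~ /\A(?:[^']|''|\\[\\'])\z/s;`. Whether `\'` is one quoted character or a closed literal followed by a stray quote depends on the database's backslash handling, which this method cannot see, so that form probably needs to be decided per driver. In `_mk_term` the new guard tests `$op` while the neighbouring lines use `$val->{op}`; `$op` is assigned outside the hunk, so confirm it is the same operator and case-normalised, otherwise a lower-case `like` silently drops the ESCAPE clause.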
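--- a/t/11-sql.t
+++ b/t/11-sql.t
@@ -3,7 +3,7 @@
 use strict;
 
 use Data::ObjectDriver::SQL;
-use Test::More tests => 95;
+use Test::More tests => 102;
 
 my $stmt = ns();
 ok($stmt, 'Created SQL object');
@@ -231,6 +231,25 @@ is($stmt->as_sql_where, "WHERE ((foo = ?) AND (foo = ?) AND (foo = ?))\n");
 $stmt->add_where(%terms);
 is($stmt->as_sql_where, "WHERE ((foo = ?) AND (foo = ?) AND (foo = ?)) AND ((foo = ?) AND (foo = ?) AND (foo = ?))\n");
 
+## as_escape
+$stmt = ns();
+$stmt->add_where(foo => {op => 'LIKE', value => '100%', escape => '\\'});
+is($stmt->as_sql_where, "WHERE (foo LIKE ? ESCAPE '\\')\n");
+is($stmt->bind->[0], '100%'); # escape doesn't automatically escape the value
+$stmt = ns();
+$stmt->add_where(foo => {op => 'LIKE', value => '100\\%', escape => '\\'});
+is($stmt->as_sql_where, "WHERE (foo LIKE ? ESCAPE '\\')\n");
+is($stmt->bind->[0], '100\\%');
+$stmt = ns();
+$stmt->add_where(foo => {op => 'LIKE', value => '100%', escape => '!'});
+is($stmt->as_sql_where, "WHERE (foo LIKE ? ESCAPE '!')\n");
+$stmt = ns();
+$stmt->add_where(foo => {op => 'LIKE', value => '100%', escape => "''"});
+is($stmt->as_sql_where, "WHERE (foo LIKE ? ESCAPE '''')\n");
+$stmt = ns();
+$stmt->add_where(foo => {op => 'LIKE', value => '100%', escape => "\\'"});
+is($stmt->as_sql_where, "WHERE (foo LIKE ? ESCAPE '\\'')\n");
+
 $stmt = ns();
 $stmt->add_select(foo => 'foo');
 $stmt->add_select('bar');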
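Review bot: None of the added `as_escape` cases reaches the `die` branch, so the only guard on the interpolated value is untested. A rejection case would pin it, for example `$stmt = ns(); ok(!eval { $stmt->add_where(foo => {op => 'LIKE', value => 'x', escape => 'abc'}); $stmt->as_sql_where; 1 }, 'over-long escape is rejected');`, with the plan count raised to match. It would also help to assert that `escape` is ignored for a non-LIKE operator such as `=` and is honoured for `NOT LIKE`, since the regex in `_mk_term` is what decides both. The last case expects `ESCAPE '\''`, which is a balanced literal only on databases that treat backslash as an escape inside strings; a comment saying which driver that expectation is for would keep it from being read as portable.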
