diff --git a/lib/SqlFragment.js b/lib/SqlFragment.js index 6b3c5e350..e26080fad 100644 --- a/lib/SqlFragment.js +++ b/lib/SqlFragment.js @@ -8,10 +8,9 @@ var _classCallCheck2 = _interopRequireDefault(require("@babel/runtime/helpers/cl var _createClass2 = _interopRequireDefault(require("@babel/runtime/helpers/createClass")); -var SqlFragment, _, pgescape; +var SqlFragment, _, escapeString; -_ = require('lodash'); -pgescape = require('pg-escape'); // Fragment of SQL that has sql (text) and params (array) +_ = require('lodash'); // Fragment of SQL that has sql (text) and params (array) module.exports = SqlFragment = /*#__PURE__*/function () { function SqlFragment(sql, params) { @@ -54,7 +53,7 @@ module.exports = SqlFragment = /*#__PURE__*/function () { } if (typeof val === "string") { - return pgescape.literal(val); + return escapeString(val); } if (typeof val === "number") { @@ -74,7 +73,7 @@ module.exports = SqlFragment = /*#__PURE__*/function () { } if ((0, _typeof2["default"])(val) === "object") { - return "(" + pgescape.literal(JSON.stringify(val)) + "::json)"; + return "(" + escapeString(JSON.stringify(val)) + "::json)"; } throw new Error("Unsupported literal value: " + val); @@ -103,4 +102,13 @@ module.exports = SqlFragment = /*#__PURE__*/function () { } }]); return SqlFragment; -}(); \ No newline at end of file +}(); + +escapeString = function escapeString(val) { + var backslash, prefix; + backslash = ~val.indexOf('\\'); + prefix = backslash ? 'E' : ''; + val = val.replace(/'/g, '\'\''); + val = val.replace(/\\/g, '\\\\'); + return prefix + '\'' + val + '\''; +}; \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index 5d8edd51d..2099d9697 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -7658,11 +7658,6 @@ "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=", "dev": true }, - "pg-escape": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/pg-escape/-/pg-escape-0.1.0.tgz", - "integrity": "sha1-9teke3u+UxpQ7qmy6hmjkcCJOgo=" - }, "picomatch": { "version": "2.2.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz",
diff --git a/package.json b/package.json
index 63f900a8b..c42342b08 100644
--- a/package.json
+++ b/package.json
@@ -26,8 +26,7 @@
 "dependencies": {
 "js-yaml": "^3.3.1",
 "lodash": "^3.9.3",
- "minimist": "^1.1.3",
- "pg-escape": "^0.1.0"
+ "minimist": "^1.1.3"
 },
 "devDependencies": {
 "build-library": "github:mWater/build-library",
diff --git a/src/SqlFragment.coffee b/src/SqlFragment.coffee
index 54fcba202..2a3973100 100644
--- a/src/SqlFragment.coffee
+++ b/src/SqlFragment.coffee
@@ -1,5 +1,4 @@
 _ = require 'lodash'
-pgescape = require 'pg-escape'
 # Fragment of SQL that has sql (text) and params (array)
 module.exports = class SqlFragment
@@ -32,7 +31,7 @@ module.exports = class SqlFragment
 return "null"
 if typeof(val) == "string"
- return pgescape.literal(val)
+ return escapeString(val)
 if typeof(val) == "number"
 return "" + val
@@ -44,7 +43,7 @@ module.exports = class SqlFragment
 return "array[" + _.map(val, escapeLiteral).join(',') + "]"
 if typeof(val) == "object"
- return "(" + pgescape.literal(JSON.stringify(val)) + "::json)"
+ return "(" + escapeString(JSON.stringify(val)) + "::json)"
 throw new Error("Unsupported literal value: " + val)
@@ -62,3 +61,10 @@ module.exports = class SqlFragment
 return sql
+escapeString = (val) ->
+ backslash = ~val.indexOf('\\')
+ prefix = if backslash then 'E' else ''
+ val = val.replace(/'/g, '\'\'')
+ val = val.replace(/\\/g, '\\\\')
+ return prefix + '\'' + val + '\''
+
\ No newline at end of file
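Review bot: The hand-rolled `escapeString` added in the last hunk of src/SqlFragment.coffee (and its compiled copy in lib/SqlFragment.js) is now the only quoting step for string and JSON values that this class writes into SQL as literals, yet it has no comment stating what it assumes, and no test for it is visible in this diff. The rule itself, doubling every `'` and switching to an `E'...'` literal with doubled backslashes when a backslash is present, holds under either `standard_conforming_strings` setting, but as far as I can tell it relies on a UTF-8 client encoding and on `val` being a string, so a header comment such as `# Quotes val as a PostgreSQL string literal; assumes val is a string and client_encoding is UTF8` would help. The function also passes U+0000 through, which PostgreSQL text values cannot contain, so I would reject it up front with `throw new Error("NUL character in string literal") if val.indexOf('\u0000') isnt -1`. In the `-44,7` hunk, `JSON.stringify(val)` returns undefined for an object whose `toJSON` yields undefined, and `val.indexOf` then throws a TypeError instead of the explicit "Unsupported literal value" error raised a few lines below. Cases worth pinning in a test are an embedded quote, an embedded backslash, both together, and the empty string.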