Quote table names and columns (#105)

quote table and column names
alfateam · Jun 7, 2024 · 5c04698 · 5c04698
1 parent 60717e1
commit 5c04698
Show file tree

Hide file tree

Showing 99 changed files with 460 additions and 691 deletions.
diff --git a/src/getManyDto/query/newColumnSql.js b/src/getManyDto/query/newColumnSql.js
diff --git a/src/getManyDto/query/newSingleQuery.js b/src/getManyDto/query/newSingleQuery.js
@@ -2,17 +2,18 @@ var newColumnSql = require('../../table/query/singleQuery/newColumnSql');
 var newWhereSql = require('../../table/query/singleQuery/newWhereSql');
 var newJoinSql = require('../../table/query/singleQuery/newJoinSql');
 var newParameterized = require('../../table/query/newParameterized');
+var getSessionSingleton = require('../../table/getSessionSingleton');
 
 function _new(table,filter,span, alias,orderBy,limit,offset) {
-//todo
-	var name = table._dbName;
+	var quote = getSessionSingleton('quote');
+	var name = quote(table._dbName);
 	var columnSql = newColumnSql(table,span,alias,true);
 	var joinSql = newJoinSql(span, alias);
 	var whereSql = newWhereSql(table,filter,alias);
 	if (limit)
 		limit = limit + ' ';
 
-	return newParameterized('select ' + limit + columnSql + ' from ' + name + ' ' + alias).append(joinSql).append(whereSql).append(orderBy + offset);
+	return newParameterized('select ' + limit + columnSql + ' from ' + name + ' ' + quote(alias)).append(joinSql).append(whereSql).append(orderBy + offset);
 
 }
 

diff --git a/src/getManyDto/query/singleQuery/newJoinedColumnSql.js b/src/getManyDto/query/singleQuery/newJoinedColumnSql.js
diff --git a/src/getManyDto/query/singleQuery/newShallowColumnSql.js b/src/getManyDto/query/singleQuery/newShallowColumnSql.js
diff --git a/src/mssql/newTransaction.js b/src/mssql/newTransaction.js
@@ -54,6 +54,7 @@ function newResolveTransaction(domain, pool) {
 					caller.visitSqlite();
 				};
 				rdb.aggregateCount = 0;
+				rdb.quote = (name) => `[${name}]`;
 				domain.rdb = rdb;
 				onSuccess();
 			} catch (e) {

diff --git a/src/mySql/deleteFromSql.js b/src/mySql/deleteFromSql.js
@@ -1,8 +1,10 @@
 var format = 'delete %s from %s as %s%s';
 var util = require('util');
+const quote = require('../table/quote');
 
 function deleteFromSql(table, alias, whereSql) {
-	var name = table._dbName;
+	var name = quote(table._dbName);
+	alias = quote(alias);
 	return util.format(format, alias, name, alias, whereSql);
 }
 module.exports = deleteFromSql;
diff --git a/src/mySql/insertSql.js b/src/mySql/insertSql.js
@@ -1,9 +1,12 @@
+const getSessionSingleton = require('../table/getSessionSingleton');
+
 function insertSql(table, row, options) {
+	const quote = getSessionSingleton('quote');
 	let columnNames = [];
 	let regularColumnNames = [];
 	let conflictColumnUpdateSql = '';
 	let values = [];
-	let sql = 'INSERT INTO ' + table._dbName + ' ';
+	let sql = 'INSERT INTO ' + quote(table._dbName) + ' ';
 	addDiscriminators();
 	addColumns();
 	if (columnNames.length === 0) {
@@ -25,7 +28,7 @@ function insertSql(table, row, options) {
 		let discriminators = table._columnDiscriminators;
 		for (let i = 0; i < discriminators.length; i++) {
 			let parts = discriminators[i].split('=');
-			columnNames.push(parts[0]);
+			columnNames.push(quote(parts[0]));
 			values.push(parts[1]);
 		}
 	}
@@ -35,25 +38,29 @@ function insertSql(table, row, options) {
 		let columns = table._columns;
 		for (let i = 0; i < columns.length; i++) {
 			let column = columns[i];
-			regularColumnNames.push(column._dbName);
+			const columnName = quote(column._dbName);
+			regularColumnNames.push(columnName);
 			if (row['__' + column.alias] !== undefined) {
-				columnNames.push(column._dbName);
+				columnNames.push(columnName);
 				values.push('%s');
 				addConflictUpdate(column);
 			}
 		}
 		if (conflictColumnUpdates.length === 0) {
 			const column = table._primaryColumns[0];
-			conflictColumnUpdates.push(`${column._dbName}=VALUES(${column._dbName})`);
+			const columnName = quote(column._dbName);
+			conflictColumnUpdates.push(`${columnName}=VALUES(${columnName})`);
 		}
 		conflictColumnUpdateSql = conflictColumnUpdates.join(',');
 
 		function addConflictUpdate(column) {
 			let concurrency = options[column.alias]?.concurrency || options.concurrency;
+			const columnName = quote(column._dbName);
+			const tableName = quote(table._dbName);
 			if (concurrency === 'overwrite') {
-				conflictColumnUpdates.push(`${column._dbName}=VALUES(${column._dbName})`);
+				conflictColumnUpdates.push(`${columnName}=VALUES(${columnName})`);
 			} else if (concurrency === 'optimistic') {
-				conflictColumnUpdates.push(`${column._dbName} = CASE WHEN ${table._dbName}.${column._dbName} <> VALUES(${column._dbName}) THEN CAST('12345678-1234-1234-1234-123456789012Conflict when updating ${column._dbName}12345678-1234-1234-1234-123456789012' AS SIGNED) ELSE ${table._dbName}.${column._dbName} END`);
+				conflictColumnUpdates.push(`${columnName} = CASE WHEN ${tableName}.${columnName} <> VALUES(${columnName}) THEN CAST('12345678-1234-1234-1234-123456789012Conflict when updating ${columnName}12345678-1234-1234-1234-123456789012' AS SIGNED) ELSE ${tableName}.${columnName} END`);
 			}
 		}
 	}

diff --git a/src/mySql/lastInsertedSql.js b/src/mySql/lastInsertedSql.js
@@ -1,8 +1,11 @@
+const getSessionSingleton = require('../table/getSessionSingleton');
+
 function lastInsertedSql(table, keyValues) {
+	const quote = getSessionSingleton('quote');
 	return keyValues.map((value,i) => {
 		let column = table._primaryColumns[i];
 		if (value === undefined && column.tsType === 'NumberColumn')
-			return `${column._dbName}=LAST_INSERT_ID()`;
+			return `${quote(column._dbName)}=LAST_INSERT_ID()`;
 		else
 			return column.eq(value);
 	});

diff --git a/src/mySql/newTransaction.js b/src/mySql/newTransaction.js
@@ -42,6 +42,7 @@ function newResolveTransaction(domain, pool) {
 					caller.visitMySql();
 				};
 				rdb.aggregateCount = 0;
+				rdb.quote = (name) => `\`${name}\``;
 				domain.rdb = rdb;
 				onSuccess();
 			} catch (e) {

diff --git a/src/oracle/deleteFromSql.js b/src/oracle/deleteFromSql.js
@@ -1,8 +1,10 @@
 var format = 'delete from %s where %s.rowId in (SELECT %s.rowId FROM %s %s%s)';
 var util = require('util');
+const quote = require('../table/quote');
 
 function deleteFromSql(table, alias, whereSql) {
-	var name = table._dbName;
+	var name = quote(table._dbName);
+	alias = quote(alias);
 	return util.format(format, name, name, alias, name, alias, whereSql);
 }
 module.exports = deleteFromSql;
diff --git a/src/oracle/formatDateOut.js b/src/oracle/formatDateOut.js
@@ -1,5 +1,7 @@
+const quote = require('../table/quote');
+
 function formatDateColumn(column, alias) {
-	return `TO_CHAR(${alias}.${column._dbName}, 'YYYY-MM-DD"T"HH24:MI:SS.FF3')`;
+	return `TO_CHAR(${alias}.${quote(column._dbName)}, 'YYYY-MM-DD"T"HH24:MI:SS.FF3')`;
 }
 
 module.exports = formatDateColumn;
diff --git a/src/oracle/insertSql.js b/src/oracle/insertSql.js
@@ -1,5 +1,6 @@
 let outputInsertedSql = require('./outputInsertedSql');
 let mergeSql = require('./mergeSql');
+const getSessionSingleton = require('../table/getSessionSingleton');
 
 function getSqlTemplate(_table, _row, options) {
 	if (hasConcurrency(_table, options) && hasColumns())
@@ -26,14 +27,15 @@ function hasConcurrency(table,options) {
 }
 
 function insertSql(table, row) {
+	const quote = getSessionSingleton('quote');
 	let columnNames = [];
 	let regularColumnNames = [];
 	let values = [];
-	let sql = 'INSERT INTO ' + table._dbName + ' ';
+	let sql = 'INSERT INTO "' + table._dbName + '" ';
 	addDiscriminators();
 	addColumns();
 	if (columnNames.length === 0)
-		sql += `${outputInserted()} (${table._primaryColumns[0]._dbName}) VALUES(DEFAULT)`;
+		sql += `${outputInserted()} (${quote(table._primaryColumns[0]._dbName)}) VALUES(DEFAULT)`;
 	else
 		sql = sql + '('+ columnNames.join(',') + ')' + outputInserted() +  'VALUES (' + values.join(',') + ')';
 	return sql;
@@ -42,7 +44,7 @@ function insertSql(table, row) {
 		let discriminators = table._columnDiscriminators;
 		for (let i = 0; i < discriminators.length; i++) {
 			let parts = discriminators[i].split('=');
-			columnNames.push(parts[0]);
+			columnNames.push(quote(parts[0]));
 			values.push(parts[1]);
 		}
 	}
@@ -51,9 +53,10 @@ function insertSql(table, row) {
 		let columns = table._columns;
 		for (let i = 0; i < columns.length; i++) {
 			let column = columns[i];
-			regularColumnNames.push(column._dbName);
+			const columnName = quote(column._dbName);
+			regularColumnNames.push(columnName);
 			if (row['__' + column.alias] !== undefined) {
-				columnNames.push(column._dbName);
+				columnNames.push(columnName);
 				if (column.tsType === 'DateColumn')
 					values.push('TO_TIMESTAMP(%s, \'YYYY-MM-DD"T"HH24:MI:SS.FF6\')');
 				else

diff --git a/src/oracle/mergeSql.js b/src/oracle/mergeSql.js
@@ -1,6 +1,8 @@
 const outputInsertedSql = require('./outputInsertedSql');
+const getSessionSingleton = require('../table/getSessionSingleton');
 
 function insertSql(table, row, options) {
+	const quote = getSessionSingleton('quote');
 	let columnNames = [];
 	let regularColumnNames = [];
 	let conflictColumnUpdateSql = '';
@@ -11,18 +13,17 @@ function insertSql(table, row, options) {
 	const matched = whenMatched();
 	let sql;
 	if (matched)
-		sql = `MERGE INTO ${table._dbName} target USING (SELECT ${values.join(',')} FROM DUAL) source ON (${join()}) WHEN MATCHED THEN ${matched} WHEN NOT MATCHED THEN ${whenNotMatched()} ${outputInsertedSql(table)}`;
+		sql = `MERGE INTO ${quote(table._dbName)} target USING (SELECT ${values.join(',')} FROM DUAL) source ON (${join()}) WHEN MATCHED THEN ${matched} WHEN NOT MATCHED THEN ${whenNotMatched()} ${outputInsertedSql(table)}`;
 	else
-		sql = `MERGE INTO ${table._dbName} target USING (SELECT ${values.join(',')} FROM DUAL) source ON (${join()}) WHEN NOT MATCHED THEN ${whenNotMatched()} ${outputInsertedSql(table)}`;
+		sql = `MERGE INTO ${quote(table._dbName)} target USING (SELECT ${values.join(',')} FROM DUAL) source ON (${join()}) WHEN NOT MATCHED THEN ${whenNotMatched()} ${outputInsertedSql(table)}`;
 	return sql;
 
 	function join() {
 		const discriminators = table._columnDiscriminators.map(x => {
 			const name = x.split('=')[0];
-
-			return `target.${name}=source.${name}`;
+			return `target."${name}"=source."${name}"`;
 		});
-		const primaries = table._primaryColumns.map(x => `target.${x._dbName}=source.${x._dbName}`);
+		const primaries = table._primaryColumns.map(x => `target.${quote(x._dbName)}=source.${quote(x._dbName)}`);
 		return [...discriminators, ...primaries].join(' AND ');
 	}
 
@@ -41,8 +42,8 @@ function insertSql(table, row, options) {
 		let discriminators = table._columnDiscriminators;
 		for (let i = 0; i < discriminators.length; i++) {
 			let parts = discriminators[i].split('=');
-			columnNames.push(parts[0]);
-			values.push(`${parts[1]} ${parts[0]}`);
+			columnNames.push(quote(parts[0]));
+			values.push(`${parts[1]} ${quote(parts[0])}`);
 		}
 	}
 
@@ -51,10 +52,11 @@ function insertSql(table, row, options) {
 		let columns = table._columns;
 		for (let i = 0; i < columns.length; i++) {
 			let column = columns[i];
-			regularColumnNames.push(column._dbName);
+			const columnName = quote(column._dbName);
+			regularColumnNames.push(columnName);
 			if (row['__' + column.alias] !== undefined) {
-				columnNames.push(column._dbName);
-				values.push(`%s ${column.alias}`);
+				columnNames.push(columnName);
+				values.push(`%s ${quote(column.alias)}`);
 				if (!column.isPrimary)
 					addConflictUpdate(column);
 			}
@@ -66,11 +68,12 @@ function insertSql(table, row, options) {
 
 		function addConflictUpdate(column) {
 			let concurrency = options[column.alias]?.concurrency || options.concurrency;
+			const columnName = quote(column._dbName);
 			if (concurrency === 'overwrite')
-				conflictColumnUpdates.push(`target.${column._dbName}=source.${column._dbName}`);
+				conflictColumnUpdates.push(`target.${columnName}=source.${columnName}`);
 			else if (concurrency === 'optimistic')
 				// conflictColumnUpdates.push(`target.${column._dbName} = CASE WHEN target.${column._dbName} <> source.${column._dbName} THEN RAISE_APPLICATION_ERROR(-20001, 'Conflict when updating ${column._dbName}') ELSE target.${column._dbName} END`);
-				conflictColumnUpdates.push(`target.${column._dbName} = CASE WHEN target.${column._dbName} <> source.${column._dbName} THEN 1/0 ELSE target.${column._dbName} END`);
+				conflictColumnUpdates.push(`target.${columnName} = CASE WHEN target.${columnName} <> source.${columnName} THEN 1/0 ELSE target.${columnName} END`);
 
 		}
 	}

diff --git a/src/oracle/newTransaction.js b/src/oracle/newTransaction.js
@@ -47,6 +47,7 @@ function newResolveTransaction(domain, pool) {
 					caller.visitSqlite();
 				};
 				rdb.aggregateCount = 0;
+				rdb.quote = (name) => `"${name}"`;
 				domain.rdb = rdb;
 				onSuccess();
 			} catch (e) {

diff --git a/src/oracle/selectForUpdateSql.js b/src/oracle/selectForUpdateSql.js
@@ -1,3 +1,5 @@
+const quote = require('../table/quote');
+
 module.exports = function(alias) {
-	return ' FOR UPDATE OF ' + alias;
+	return ' FOR UPDATE OF ' + quote(alias);
 };
diff --git a/src/pg/deleteFromSql.js b/src/pg/deleteFromSql.js
@@ -1,8 +1,10 @@
 var format = 'delete from %s %s%s';
 var util = require('util');
+const quote = require('../table/quote');
 
 function deleteFromSql(table, alias, whereSql) {
-	var name = table._dbName;
+	var name = quote(table._dbName);
+	alias = quote(alias);
 	return util.format(format, name, alias, whereSql);
 }
 module.exports = deleteFromSql;
diff --git a/src/pg/formatDateOut.js b/src/pg/formatDateOut.js
@@ -1,5 +1,7 @@
+const quote = require('../table/quote');
+
 function formatDateOut(column, alias) {
-	return `${alias}.${column._dbName}::text`;
+	return `${alias}.${quote(column._dbName)}::text`;
 }
 
 module.exports = formatDateOut;