Skip to content

Commit

Permalink
fix: boolean parameter escape in SQLiteDriver (#9400)
Browse files Browse the repository at this point in the history 
* fix: sqlite boolean parameter escape

sqlite does not support boolean parameters. Even though sqlite is able to transform true to 1 and false to 0 there might be some limitations with other implementations that build up on this.

Fixes: #1981 (again)

* fix: remove obsolete where boolean value transformation

3cbbe90 already handles the boolean value transformation so it is not necessary to have additional code in the query runner for handling this

* test: add test cases for sqlite query parameter escape

* fix typo
  • Loading branch information
@michaelwolz
michaelwolz committed Nov 5, 2022
1 parent 6eb674b commit 4a36d0e
Show file tree
Hide file tree
Showing 3 changed files with 85 additions and 7 deletions.
7 changes: 0 additions & 7 deletions src/driver/better-sqlite3/BetterSqlite3QueryRunner.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,13 +83,6 @@ export class BetterSqlite3QueryRunner extends AbstractSqliteQueryRunner {

const connection = this.driver.connection

parameters = parameters || []
for (let i = 0; i < parameters.length; i++) {
// in "where" clauses the parameters are not escaped by the driver
if (typeof parameters[i] === "boolean")
parameters[i] = +parameters[i]
}

this.driver.connection.logger.logQuery(query, parameters, this)
const queryStartTime = +new Date()

Expand Down
10 changes: 10 additions & 0 deletions src/driver/sqlite-abstract/AbstractSqliteDriver.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,16 @@ export abstract class AbstractSqliteDriver implements Driver {
return String(value)
}

// Sqlite does not have a boolean data type so we have to transform
// it to 1 or 0
if (typeof value === "boolean") {
escapedParameters.push(+value)
return this.createParameter(
key,
escapedParameters.length - 1,
)
}

if (value instanceof Date) {
escapedParameters.push(
DateUtils.mixedDateToUtcDatetimeString(value),
Expand Down
75 changes: 75 additions & 0 deletions test/functional/driver/abstract-sqlite/abstract-sqlite-escape-query-parameters.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
import { DataSource } from "../../../../src"
import {
createTestingConnections,
reloadTestingDatabases,
closeTestingConnections,
} from "../../../utils/test-utils"

describe("escape sqlite query parameters", () => {
let connections: DataSource[]
before(
async () =>
(connections = await createTestingConnections({
entities: [__dirname + "/entity/*{.js,.ts}"],
enabledDrivers: ["sqlite", "better-sqlite3"],
})),
)
beforeEach(() => reloadTestingDatabases(connections))
after(() => closeTestingConnections(connections))

it("should transform boolean parameters with value `true` into `1`", () =>
Promise.all(
connections.map((connection) => {
const [_, parameters] =
connection.driver.escapeQueryWithParameters(
"SELECT nothing FROM irrelevant WHERE a = :param1",
{ param1: true },
{},
)

parameters.should.eql([1])
}),
))

it("should transform boolean parameters with value `false` into `0`", () =>
Promise.all(
connections.map((connection) => {
const [_, parameters] =
connection.driver.escapeQueryWithParameters(
"SELECT nothing FROM irrelevant WHERE a = :param1",
{ param1: false },
{},
)

parameters.should.eql([0])
}),
))

it("should transform boolean nativeParameters with value `true` into `1`", () =>
Promise.all(
connections.map((connection) => {
const [_, parameters] =
connection.driver.escapeQueryWithParameters(
"SELECT nothing FROM irrelevant",
{},
{ nativeParam1: true },
)

parameters.should.eql([1])
}),
))

it("should transform boolean nativeParameters with value `false` into 0", () =>
Promise.all(
connections.map((connection) => {
const [_, parameters] =
connection.driver.escapeQueryWithParameters(
"SELECT nothing FROM irrelevant",
{},
{ nativeParam1: false },
)

parameters.should.eql([0])
}),
))
})

0 comments on commit 4a36d0e

Please sign in to comment.