[bug] Parameterize sql query in getTableColumns; Fix bug 72340
konovalovsergey committed Dec 26, 2024
1 parent 47aded4 commit 46c4980
Showing 4 changed files with 14 additions and 6 deletions.
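--- a/DocService/sources/databaseConnectors/baseConnector.js
+++ b/DocService/sources/databaseConnectors/baseConnector.js
@@ -370,14 +370,16 @@ function getEmptyCallbacks(ctx) {
 
 function getTableColumns(ctx, tableName) {
 return new Promise(function(resolve, reject) {
-const sqlCommand = `SELECT column_name as "column_name" FROM information_schema.COLUMNS WHERE TABLE_NAME = '${tableName}';`;
+let values = [];
+let sqlParam = addSqlParameter(tableName, values);
+const sqlCommand = `SELECT column_name as "column_name" FROM information_schema.COLUMNS WHERE TABLE_NAME = ${sqlParam};`;
 dbInstance.sqlQuery(ctx, sqlCommand, function(error, result) {
 if (error) {
 reject(error);
 } else {
 resolve(result);
 }
-});
+}, undefined, undefined, values);
 });
 }
 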
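Review bot: The bound `values` array reaches `dbInstance.sqlQuery` only by position, behind two bare `undefined` arguments, so a miscount or a later signature change would send the statement with a placeholder and nothing bound to it. The signature of `sqlQuery` is not visible in this hunk, so the slot cannot be confirmed from here; a comment on that line would make the intent checkable, for example `// two optional arguments skipped; values is the bind list for sqlParam`. Separately, `values` and `sqlParam` are never reassigned here or in the other three connectors and could be declared with `const`: `const values = [];` and `const sqlParam = addSqlParameter(tableName, values);`.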
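--- a/DocService/sources/databaseConnectors/damengConnector.js
+++ b/DocService/sources/databaseConnectors/damengConnector.js
@@ -156,7 +156,9 @@ function concatParams(val1, val2) {
 }
 
 async function getTableColumns(ctx, tableName) {
-const result = await executeQuery(ctx, `SELECT column_name FROM DBA_TAB_COLUMNS WHERE table_name = '${tableName.toUpperCase()}';`);
+let values = [];
+let sqlParam = addSqlParameter(tableName.toUpperCase(), values);
+const result = await executeQuery(ctx, `SELECT column_name FROM DBA_TAB_COLUMNS WHERE table_name = ${sqlParam};`, values);
 return result.map(row => { return { column_name: row.column_name.toLowerCase() }});
 }
 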
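Review bot: The lookup on `DBA_TAB_COLUMNS` is still not scoped to an owner, so a table with the same name in another schema contributes its columns to the result, and reading a `DBA_` view presumably requires the service account to hold dictionary-wide privileges. oracleConnector.js in this same commit reads `user_tab_columns`, which is limited to the connected user's own tables; if Dameng exposes the same view and the service tables are owned by the connecting user, `FROM USER_TAB_COLUMNS WHERE table_name = ${sqlParam}` would let the account run with fewer rights. Otherwise an owner predicate bound through `addSqlParameter`, like the table name, would close the gap. baseConnector.js has the same issue: its `information_schema.COLUMNS` query filters on `TABLE_NAME` only, while mssqlConnector.js also pins `TABLE_SCHEMA`.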
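--- a/DocService/sources/databaseConnectors/mssqlConnector.js
+++ b/DocService/sources/databaseConnectors/mssqlConnector.js
@@ -199,8 +199,10 @@ function concatParams(...parameters) {
 }
 
 function getTableColumns(ctx, tableName) {
-const sqlCommand = `SELECT column_name FROM information_schema.COLUMNS WHERE TABLE_NAME = '${tableName}' AND TABLE_SCHEMA = 'dbo';`;
-return executeQuery(ctx, sqlCommand);
+let values = [];
+let sqlParam = addSqlParameter(tableName, values);
+const sqlCommand = `SELECT column_name FROM information_schema.COLUMNS WHERE TABLE_NAME = ${sqlParam} AND TABLE_SCHEMA = 'dbo';`;
+return executeQuery(ctx, sqlCommand, values);
 }
 
 function getDocumentsWithChanges(ctx) {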
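Review bot: Nothing in `getTableColumns` says that `${sqlParam}` is a bind placeholder rather than a value, and it now sits unquoted right next to the quoted literal `'dbo'`. A later edit that restores the "missing" quotes would turn the placeholder into plain string text, and the query would silently stop matching any table. I would add `// sqlParam is a placeholder returned by addSqlParameter; keep it unquoted, the value travels in values` above the `sqlCommand` line. The same comment fits the other three connectors.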
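--- a/DocService/sources/databaseConnectors/oracleConnector.js
+++ b/DocService/sources/databaseConnectors/oracleConnector.js
@@ -171,7 +171,9 @@ function concatParams(firstParameter, secondParameter) {
 }
 
 function getTableColumns(ctx, tableName) {
-return executeQuery(ctx, `SELECT LOWER(column_name) AS column_name FROM user_tab_columns WHERE table_name = '${tableName.toUpperCase()}'`);
+let values = [];
+let sqlParam = addSqlParameter(tableName.toUpperCase(), values);
+return executeQuery(ctx, `SELECT LOWER(column_name) AS column_name FROM user_tab_columns WHERE table_name = ${sqlParam}`, values);
 }
 
 function getEmptyCallbacks(ctx) {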
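Review bot: None of the four files changed in this commit is a test, so the bind path added to `getTableColumns` is not pinned by anything visible here. A regression test that calls `getTableColumns` with a table name containing a single quote, and expects an empty column list instead of a database error, would keep the parameterization from being undone later; it applies equally to the base, Dameng and MSSQL connectors. For this connector the test should also cover a lower-case name, since the value is upper-cased with `tableName.toUpperCase()` before it is bound.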
