feat: escape column names

checkpoint-labs · Nov 18, 2022 · bd01e99 · bd01e99
1 parent 38f7985
commit bd01e99
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 23 deletions.
diff --git a/src/graphql/controller.ts b/src/graphql/controller.ts
@@ -199,15 +199,15 @@ export class GqlEntityController {
       this.getTypeFields(type).forEach(field => {
         const sqlType = this.getSqlType(field.type);
 
-        sql += `\n  ${field.name} ${sqlType}`;
+        sql += `\n  \`${field.name}\` ${sqlType}`;
         if (field.type instanceof GraphQLNonNull) {
           sql += ' NOT NULL,';
         } else {
           sql += ',';
         }
 
         if (!['TEXT', 'JSON'].includes(sqlType)) {
-          sqlIndexes += `,\n  INDEX ${field.name} (${field.name})`;
+          sqlIndexes += `,\n  INDEX \`${field.name}\` (\`${field.name}\`)`;
         }
       });
       sql += `\n  PRIMARY KEY (id) ${sqlIndexes}\n);\n`;

diff --git a/src/graphql/resolvers.ts b/src/graphql/resolvers.ts
@@ -27,27 +27,27 @@ export async function queryMulti(parent, args, context: ResolverContext, info) {
       let param = w[1];
 
       if (w[0].endsWith('_not')) {
-        whereSql += `${w[0].slice(0, -4)} != ?`;
+        whereSql += `\`${w[0].slice(0, -4)}\` != ?`;
       } else if (w[0].endsWith('_gt')) {
-        whereSql += `${w[0].slice(0, -3)} > ?`;
+        whereSql += `\`${w[0].slice(0, -3)}\` > ?`;
       } else if (w[0].endsWith('_gte')) {
-        whereSql += `${w[0].slice(0, -4)} >= ?`;
+        whereSql += `\`${w[0].slice(0, -4)}\` >= ?`;
       } else if (w[0].endsWith('_lt')) {
-        whereSql += `${w[0].slice(0, -3)} < ?`;
+        whereSql += `\`${w[0].slice(0, -3)}\` < ?`;
       } else if (w[0].endsWith('_lte')) {
-        whereSql += `${w[0].slice(0, -4)} <= ?`;
+        whereSql += `\`${w[0].slice(0, -4)}\` <= ?`;
       } else if (w[0].endsWith('_not_contains')) {
-        whereSql += `${w[0].slice(0, -13)} NOT LIKE ?`;
+        whereSql += `\`${w[0].slice(0, -13)}\` NOT LIKE ?`;
         param = `%${w[1]}%`;
       } else if (w[0].endsWith('_contains')) {
-        whereSql += `${w[0].slice(0, -9)} LIKE ?`;
+        whereSql += `\`${w[0].slice(0, -9)}\` LIKE ?`;
         param = `%${w[1]}%`;
       } else if (w[0].endsWith('_not_in')) {
-        whereSql += `${w[0].slice(0, -7)} NOT IN (?)`;
+        whereSql += `\`${w[0].slice(0, -7)}\` NOT IN (?)`;
       } else if (w[0].endsWith('_in')) {
-        whereSql += `${w[0].slice(0, -3)} IN (?)`;
+        whereSql += `\`${w[0].slice(0, -3)}\` IN (?)`;
       } else {
-        whereSql += `${w[0]} = ?`;
+        whereSql += `\`${w[0]}\` = ?`;
       }
       params.push(param);
     });

diff --git a/test/unit/graphql/__snapshots__/controller.test.ts.snap b/test/unit/graphql/__snapshots__/controller.test.ts.snap
@@ -14,18 +14,18 @@ exports[`GqlEntityController createEntityStores should work 1`] = `
 
 DROP TABLE IF EXISTS votes;
 CREATE TABLE votes (
-  id INT(128) NOT NULL,
-  name VARCHAR(128),
-  authenticators JSON,
-  big_number BIGINT,
-  decimal DECIMAL(10, 2),
-  big_decimal DECIMAL(20, 8),
+  \`id\` INT(128) NOT NULL,
+  \`name\` VARCHAR(128),
+  \`authenticators\` JSON,
+  \`big_number\` BIGINT,
+  \`decimal\` DECIMAL(10, 2),
+  \`big_decimal\` DECIMAL(20, 8),
   PRIMARY KEY (id) ,
-  INDEX id (id),
-  INDEX name (name),
-  INDEX big_number (big_number),
-  INDEX decimal (decimal),
-  INDEX big_decimal (big_decimal)
+  INDEX \`id\` (\`id\`),
+  INDEX \`name\` (\`name\`),
+  INDEX \`big_number\` (\`big_number\`),
+  INDEX \`decimal\` (\`decimal\`),
+  INDEX \`big_decimal\` (\`big_decimal\`)
 );",
     ],
   ],