Merge pull request #216 from joshcobalt/sqlkata#215

ahmad-moussawi · web-flow · commit 37ca8d518b7d · 2019-03-20T09:59:32.000+02:00
Adds ability to escape identifiers w/ tests
diff --git a/QueryBuilder.Tests/GeneralTests.cs b/QueryBuilder.Tests/GeneralTests.cs
@@ -123,6 +123,16 @@ public void Raw_WrapIdentifiers()
             Assert.Equal("SELECT \"Id\", \"Name\", \"Age\" FROM \"Users\"", c[EngineCodes.PostgreSql]);
             Assert.Equal("SELECT \"Id\", \"Name\", \"Age\" FROM \"USERS\"", c[EngineCodes.Firebird]);
         }
+        
+        [Fact]
+        public void Raw_WrapIdentifiers_Escaped()
+        {
+            var query = new Query("Users").SelectRaw("'\\{1,2,3\\}'::int\\[\\]");
+
+            var c = Compile(query);
+
+            Assert.Equal("SELECT '{1,2,3}'::int[] FROM \"Users\"", c[EngineCodes.PostgreSql]);
+        }
 
         [Fact]
         public void WrapWithSpace()
diff --git a/QueryBuilder.Tests/HelperTests.cs b/QueryBuilder.Tests/HelperTests.cs
@@ -224,5 +224,14 @@ public void ExpandParameters()
 
             Assert.Equal("where id = ? or id in (?,?) or id in ()", expanded);
         }
+
+        [Theory]
+        [InlineData(@"\{ text {", @"\", "{", "[", "{ text [")]
+        [InlineData(@"{ text {", @"\", "{", "[", "[ text [")]
+        public void WrapIdentifiers(string input, string escapeCharacter, string identifier, string newIdentifier, string expected)
+        {
+            var result = input.ReplaceIdentifierUnlessEscaped(escapeCharacter, identifier, newIdentifier);
+            Assert.Equal(expected, result);
+        }
     }
 }
diff --git a/QueryBuilder.Tests/SelectTests.cs b/QueryBuilder.Tests/SelectTests.cs
@@ -619,5 +619,15 @@ public void JoinTypes(string given, string output)
                 $"SELECT * FROM \"USERS\" \n{output} \"COUNTRIES\" ON \"COUNTRIES\".\"ID\" = \"USERS\".\"COUNTRY_ID\"",
                 c[EngineCodes.Firebird]);
         }
+        
+        [Fact]
+        public void OrWhereRawEscaped()
+        {
+            var query = new Query("Table").WhereRaw("[MyCol] = ANY(?::int\\[\\])", "{1,2,3}");
+
+            var c = Compile(query);
+
+            Assert.Equal("SELECT * FROM \"Table\" WHERE \"MyCol\" = ANY('{1,2,3}'::int[])", c[EngineCodes.PostgreSql]);
+        }
     }
 }
diff --git a/QueryBuilder/Compilers/Compiler.cs b/QueryBuilder/Compilers/Compiler.cs
@@ -15,6 +15,7 @@ public partial class Compiler
         protected virtual string ColumnAsKeyword { get; set; } = "AS ";
         protected virtual string TableAsKeyword { get; set; } = "AS ";
         protected virtual string LastId { get; set; } = "";
+        protected virtual string EscapeCharacter { get; set; } = "\\";
 
         protected Compiler()
         {
@@ -809,12 +810,11 @@ public virtual string WrapIdentifiers(string input)
             return input
 
                 // deprecated
-                .Replace("{", this.OpeningIdentifier)
-                .Replace("}", this.ClosingIdentifier)
+                .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"{", this.OpeningIdentifier)
+                .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"}", this.ClosingIdentifier)
 
-                .Replace("[", this.OpeningIdentifier)
-                .Replace("]", this.ClosingIdentifier);
+                .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"[", this.OpeningIdentifier)
+                .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"]", this.ClosingIdentifier);
         }
-
     }
 }
diff --git a/QueryBuilder/Helper.cs b/QueryBuilder/Helper.cs
@@ -158,5 +158,16 @@ public static IEnumerable<string> Repeat(this string str, int count)
         {
             return Enumerable.Repeat(str, count);
         }
+        
+        public static string ReplaceIdentifierUnlessEscaped(this string input, string escapeCharacter, string identifier, string newIdentifier)
+        {
+            //Replace standard, non-escaped identifiers first
+            var nonEscapedRegex = new Regex($@"(?<!{Regex.Escape(escapeCharacter)}){Regex.Escape(identifier)}");
+            var nonEscapedReplace = nonEscapedRegex.Replace(input, newIdentifier);
+            
+            //Then replace escaped identifiers, by just removing the escape character
+            var escapedRegex = new Regex($@"{Regex.Escape(escapeCharacter)}{Regex.Escape(identifier)}");
+            return escapedRegex.Replace(nonEscapedReplace, identifier);
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -224,5 +224,14 @@ public void ExpandParameters()`
`224`	`224`
`225`	`225`	`Assert.Equal("where id = ? or id in (?,?) or id in ()", expanded);`
`226`	`226`	`}`
	`227`	`+`
	`228`	`+ [Theory]`
	`229`	`+ [InlineData(@"\{ text {", @"\", "{", "[", "{ text [")]`
	`230`	`+ [InlineData(@"{ text {", @"\", "{", "[", "[ text [")]`
	`231`	`+ public void WrapIdentifiers(string input, string escapeCharacter, string identifier, string newIdentifier, string expected)`
	`232`	`+ {`
	`233`	`+ var result = input.ReplaceIdentifierUnlessEscaped(escapeCharacter, identifier, newIdentifier);`
	`234`	`+ Assert.Equal(expected, result);`
	`235`	`+ }`
`227`	`236`	`}`
`228`	`237`	`}`
Original file line number	Diff line number	Diff line change
`@@ -619,5 +619,15 @@ public void JoinTypes(string given, string output)`
`619`	`619`	`$"SELECT * FROM \"USERS\" \n{output} \"COUNTRIES\" ON \"COUNTRIES\".\"ID\" = \"USERS\".\"COUNTRY_ID\"",`
`620`	`620`	`c[EngineCodes.Firebird]);`
`621`	`621`	`}`
	`622`	`+`
	`623`	`+ [Fact]`
	`624`	`+ public void OrWhereRawEscaped()`
	`625`	`+ {`
	`626`	`+ var query = new Query("Table").WhereRaw("[MyCol] = ANY(?::int\\[\\])", "{1,2,3}");`
	`627`	`+`
	`628`	`+ var c = Compile(query);`
	`629`	`+`
	`630`	`+ Assert.Equal("SELECT * FROM \"Table\" WHERE \"MyCol\" = ANY('{1,2,3}'::int[])", c[EngineCodes.PostgreSql]);`
	`631`	`+ }`
`622`	`632`	`}`
`623`	`633`	`}`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ public partial class Compiler`
`15`	`15`	`protected virtual string ColumnAsKeyword { get; set; } = "AS ";`
`16`	`16`	`protected virtual string TableAsKeyword { get; set; } = "AS ";`
`17`	`17`	`protected virtual string LastId { get; set; } = "";`
	`18`	`+ protected virtual string EscapeCharacter { get; set; } = "\\";`
`18`	`19`
`19`	`20`	`protected Compiler()`
`20`	`21`	`{`
`@@ -809,12 +810,11 @@ public virtual string WrapIdentifiers(string input)`
`809`	`810`	`return input`
`810`	`811`
`811`	`812`	`// deprecated`
`812`		`- .Replace("{", this.OpeningIdentifier)`
`813`		`- .Replace("}", this.ClosingIdentifier)`
	`813`	`+ .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"{", this.OpeningIdentifier)`
	`814`	`+ .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"}", this.ClosingIdentifier)`
`814`	`815`
`815`		`- .Replace("[", this.OpeningIdentifier)`
`816`		`- .Replace("]", this.ClosingIdentifier);`
	`816`	`+ .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"[", this.OpeningIdentifier)`
	`817`	`+ .ReplaceIdentifierUnlessEscaped(this.EscapeCharacter,"]", this.ClosingIdentifier);`
`817`	`818`	`}`
`818`		`-`
`819`	`819`	`}`
`820`	`820`	`}`
Original file line number	Diff line number	Diff line change
`@@ -158,5 +158,16 @@ public static IEnumerable<string> Repeat(this string str, int count)`
`158`	`158`	`{`
`159`	`159`	`return Enumerable.Repeat(str, count);`
`160`	`160`	`}`
	`161`	`+`
	`162`	`+ public static string ReplaceIdentifierUnlessEscaped(this string input, string escapeCharacter, string identifier, string newIdentifier)`
	`163`	`+ {`
	`164`	`+ //Replace standard, non-escaped identifiers first`
	`165`	`+ var nonEscapedRegex = new Regex($@"(?<!{Regex.Escape(escapeCharacter)}){Regex.Escape(identifier)}");`
	`166`	`+ var nonEscapedReplace = nonEscapedRegex.Replace(input, newIdentifier);`
	`167`	`+`
	`168`	`+ //Then replace escaped identifiers, by just removing the escape character`
	`169`	`+ var escapedRegex = new Regex($@"{Regex.Escape(escapeCharacter)}{Regex.Escape(identifier)}");`
	`170`	`+ return escapedRegex.Replace(nonEscapedReplace, identifier);`
	`171`	`+ }`
`161`	`172`	`}`
`162`	`173`	`}`