lib/riddle/query.rb in riddle-1.5.7 vs lib/riddle/query.rb in riddle-1.5.8
- old
+ new
@@ -56,26 +56,25 @@
values = "(#{values.join(', ')})" if values.is_a?(Array)
"SET#{ ' GLOBAL' if global } #{variable} = #{values}"
end
def self.snippets(data, index, query, options = nil)
- data = data.gsub("'") { |x| "\\'" }
- query = query.gsub("'") { |x| "\\'" }
+ data, index, query = quote(data), quote(index), quote(query)
options = ', ' + options.keys.collect { |key|
value = translate_value options[key]
- value = "'#{value}'" if value.is_a?(String)
+ value = quote value if value.is_a?(String)
"#{value} AS #{key}"
}.join(', ') unless options.nil?
- "CALL SNIPPETS('#{data}', '#{index}', '#{query}'#{options})"
+ "CALL SNIPPETS(#{data}, #{index}, #{query}#{options})"
end
def self.create_function(name, type, file)
type = type.to_s.upcase
- "CREATE FUNCTION #{name} RETURNS #{type} SONAME '#{file}'"
+ "CREATE FUNCTION #{name} RETURNS #{type} SONAME #{quote file}"
end
def self.drop_function(name)
"DROP FUNCTION #{name}"
end
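Review bot: In `snippets` the option names are still interpolated verbatim in `"#{value} AS #{key}"`, and `create_function` / `drop_function` still interpolate `name` (and `type`) without quoting, so the new `quote` calls protect string literals only. If any of these identifiers can originate outside the application, they should be validated before interpolation, for example `raise ArgumentError, "invalid identifier" unless key.to_s =~ /\A\w+\z/`, with the same check on `name`. Separately, `quote(index)` now runs string escaping on `index`, so a Symbol index that worked with the old interpolation would presumably raise; `quote(index.to_s)` would keep that working. The `set` method at the top of the hunk starts outside it and is not reviewed here.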
@@ -98,14 +97,20 @@
value
end
end
def self.escape(string)
- string.gsub("\\") { |match|
- "\\\\"
- }.gsub(/[\(\)\|\-!@~"\/\^\$]/) { |match|
- "\\\\#{match}"
- }
+ string.gsub(/[\(\)\|\-!@~\/"\/\^\$\\]/) { |match| "\\#{match}" }
+ end
+
+ def self.quote(string)
+ "'#{sql_escape string}'"
+ end
+
+ def self.sql_escape(string)
+ return Mysql2::Client.escape(string) if defined?(Mysql2)
+
+ string.gsub(/['"\\]/) { |character| "\\#{character}" }
end
end
require 'riddle/query/delete'
require 'riddle/query/insert'
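Review bot: `sql_escape` produces different output depending on whether the mysql2 gem is loaded: the fallback `gsub` escapes only `'`, `"` and `\`, whereas `Mysql2::Client.escape` also escapes NUL, newline, carriage return and Ctrl-Z. A comment on the method should state which characters the fallback covers and that the argument must be a String, and a spec should run the same input through both branches. The guard would also match the call more closely as `defined?(Mysql2::Client)`, since `defined?(Mysql2)` tests only the top-level constant. In `escape`, the replacement went from two backslashes to one, so a caller that places `escape` output into a hand-built quoted literal without `quote` now has one level of escaping less; a comment such as `# Escapes Sphinx query operators only; pass the result through quote before embedding it in SphinxQL` would make that contract explicit.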