Fix escaping in LIKE expressions #87
Conversation
Codecov Report
@@ Coverage Diff @@
## main #87 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 63 63
Lines 4778 4808 +30
=========================================
+ Hits 4778 4808 +30
|
5610083 to
70ea3b0
Compare
| // Split a map into a list of maps with a single entry each | ||
| func splitMap[T ~map[string]interface{}](m T) (exprs []T) { | ||
| for key, val := range m { | ||
| exprs = append(exprs, T{key: val}) | ||
| } | ||
| return exprs | ||
| } | ||
|
|
||
| // Convert a list of Sqlizer operations to sq.And | ||
| func toAnd[T sq.Sqlizer](ops []T) (and sq.And) { | ||
| for _, op := range ops { | ||
| and = append(and, op) | ||
| } | ||
| return and | ||
| } |
There was a problem hiding this comment.
There might be better ways to do this, but I wanted a way to add ESCAPE to every LIKE condition without writing the iterating logic 4 times below.
Note that this logic likely isn't even used in practice, as we only construct single-element maps anyway when using filterOp.
Explicitly specify '[' as the escape character in all cases, and use it to escape the wildcards '%' and '_' in LIKE expressions. Works for Postgres and SQLite. Fixes hyperledger#83 Signed-off-by: Andrew Richardson <andrew.richardson@kaleido.io>
27e3ccc to
296d3c8
Compare
Signed-off-by: Andrew Richardson <andrew.richardson@kaleido.io>
| return and | ||
| } | ||
|
|
||
| func (lk LikeEscape) ToSql() (sql string, args []interface{}, err error) { |
There was a problem hiding this comment.
I think letting the linter be on this one with ToSQL is most consistent, rather than the linter override.
There was a problem hiding this comment.
So... the method has to be called ToSql in order to implement sq.Sqlizer. I think that means I have to add an inline override (which I could not for the life of me figure out how to do) or a global override.
Explicitly specify '[' as the escape character in all cases, and use it to escape the wildcards '%' and '_' in LIKE expressions. Works for Postgres and SQLite.
Fixes #83