ADD string implement for mysql unsafe mode.

illacloud · Jan 19, 2024 · 2059426 · 2059426
1 parent aff138c
commit 2059426
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/src/utils/parser/sql/escaper.go b/src/utils/parser/sql/escaper.go
@@ -219,9 +219,9 @@ func reflectVariableToString(variable interface{}) (string, error) {
 				if errInReflect != nil {
 					return "", errInReflect
 				}
-				finalString += subVarInString
+				finalString += "'" + subVarInString + "'"
 			}
-			return "(" + finalString + ")", nil
+			return finalString, nil
 		}
 
 		return "", errors.New("invalied array type inputed")

diff --git a/src/utils/parser/sql/escaper_test.go b/src/utils/parser/sql/escaper_test.go
@@ -275,3 +275,15 @@ func TestEscapePostgresSQLInStatementQueryInIntString(t *testing.T) {
 	assert.Equal(t, []interface{}{"a", "b", "c"}, usedArgs, "the usedArgs should be equal")
 	assert.Equal(t, "select * from users where id in ($1, $2, $3)", escapedSQL, "the token should be equal")
 }
+
+func TestEscapeMySQLSQLInStatementQueryInIntStringInUnsafeMode(t *testing.T) {
+	sql_1 := `select * from users where id in ({{multiselect1.value.map(b => Number(b))}})`
+	args := map[string]interface{}{
+		`multiselect1.value.map(b => Number(b))`: []interface{}{"a", "b", "c"},
+	}
+	sqlEscaper := NewSQLEscaper(resourcelist.TYPE_MYSQL_ID)
+	escapedSQL, usedArgs, errInEscape := sqlEscaper.EscapeSQLActionTemplate(sql_1, args, false)
+	assert.Nil(t, errInEscape)
+	assert.Equal(t, []interface{}{}, usedArgs, "the usedArgs should be equal")
+	assert.Equal(t, "select * from users where id in ('a', 'b', 'c')", escapedSQL, "the token should be equal")
+}