escaping column names in ORM

This commit is contained in:
Marc Baloup 2019-07-18 17:37:27 +02:00
parent e9188b8c1a
commit 4773999dd6
5 changed files with 6 additions and 5 deletions

View File

@ -41,7 +41,7 @@ public class SQLOrderBy {
for (OBField f : orderByFields) {
if (!first) ret += ", ";
first = false;
ret += f.field.getName() + " " + f.direction.name();
ret += "`" + f.field.getName() + "` " + f.direction.name();
}
return ret;
}

View File

@ -41,7 +41,8 @@ public class SQLWhereChain extends SQLWhere {
public enum SQLBoolOp {
/** Equivalent to SQL "<code>AND</code>" */
AND("AND"), /** Equivalent to SQL "<code>OR</code>" */
AND("AND"),
/** Equivalent to SQL "<code>OR</code>" */
OR("OR");
public final String sql;

View File

@ -30,7 +30,7 @@ public class SQLWhereComp extends SQLWhere {
public Pair<String, List<Object>> toSQL() throws ORMException {
List<Object> params = new ArrayList<>();
SQLElement.addValueToSQLObjectList(params, left, right);
return new Pair<>(left.getName() + " " + comp.sql + " ? ", params);
return new Pair<>("`" + left.getName() + "` " + comp.sql + " ? ", params);
}
public enum SQLComparator {

View File

@ -27,7 +27,7 @@ public class SQLWhereLike extends SQLWhere {
public Pair<String, List<Object>> toSQL() {
ArrayList<Object> params = new ArrayList<>();
params.add(likeExpr);
return new Pair<>(field.getName() + " LIKE ? ", params);
return new Pair<>("`" + field.getName() + "` LIKE ? ", params);
}
}

View File

@ -30,7 +30,7 @@ public class SQLWhereNull extends SQLWhere {
@Override
public Pair<String, List<Object>> toSQL() {
return new Pair<>(fild.getName() + ((nulll) ? " IS NULL" : " IS NOT NULL"), new ArrayList<>());
return new Pair<>("`" + fild.getName() + "` IS " + ((nulll) ? "NULL" : "NOT NULL"), new ArrayList<>());
}
}