Skip to content

Commit d684512

Browse files
AdriVanHoudtdougwilson
AdriVanHoudt
authored and
dougwilson
committed
Escape invalid Date objects as NULL
closes #10
1 parent c319164 commit d684512

File tree

3 files changed

+22
-5
lines changed

3 files changed

+22
-5
lines changed

HISTORY.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
unreleased
2+
==========
3+
4+
* Escape invalid `Date` objects as `NULL`
5+
16
2.1.0 / 2016-09-26
27
==================
38

lib/SqlString.js

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -40,19 +40,18 @@ SqlString.escape = function escape(val, stringifyObjects, timeZone) {
4040
case 'number': return val+'';
4141
case 'object':
4242
if (val instanceof Date) {
43-
val = SqlString.dateToString(val, timeZone || 'local');
43+
return SqlString.dateToString(val, timeZone || 'local');
4444
} else if (Array.isArray(val)) {
4545
return SqlString.arrayToList(val, timeZone);
4646
} else if (Buffer.isBuffer(val)) {
4747
return SqlString.bufferToString(val);
4848
} else if (stringifyObjects) {
49-
val = val.toString();
49+
return escapeString(val.toString());
5050
} else {
5151
return SqlString.objectToValues(val, timeZone);
5252
}
53+
default: return escapeString(val);
5354
}
54-
55-
return escapeString(val);
5655
};
5756

5857
SqlString.arrayToList = function arrayToList(array, timeZone) {
@@ -111,6 +110,10 @@ SqlString.format = function format(sql, values, stringifyObjects, timeZone) {
111110
SqlString.dateToString = function dateToString(date, timeZone) {
112111
var dt = new Date(date);
113112

113+
if (isNaN(dt.getTime())) {
114+
return 'NULL';
115+
}
116+
114117
var year;
115118
var month;
116119
var day;
@@ -144,9 +147,11 @@ SqlString.dateToString = function dateToString(date, timeZone) {
144147
}
145148

146149
// YYYY-MM-DD HH:mm:ss.mmm
147-
return zeroPad(year, 4) + '-' + zeroPad(month, 2) + '-' + zeroPad(day, 2) + ' ' +
150+
var str = zeroPad(year, 4) + '-' + zeroPad(month, 2) + '-' + zeroPad(day, 2) + ' ' +
148151
zeroPad(hour, 2) + ':' + zeroPad(minute, 2) + ':' + zeroPad(second, 2) + '.' +
149152
zeroPad(millisecond, 3);
153+
154+
return escapeString(str);
150155
};
151156

152157
SqlString.bufferToString = function bufferToString(buffer) {

test/unit/test-SqlString.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -173,6 +173,13 @@ test('SqlString.escape', {
173173
assert.strictEqual(string, expected);
174174
},
175175

176+
'invalid dates are converted to null': function() {
177+
var date = new Date(NaN);
178+
var string = SqlString.escape(date);
179+
180+
assert.strictEqual(string, 'NULL');
181+
},
182+
176183
'buffers are converted to hex': function() {
177184
var buffer = new Buffer([0, 1, 254, 255]);
178185
var string = SqlString.escape(buffer);

0 commit comments

Comments
 (0)