Rewrite escape/unescape for SQL

CHANGELOG.md

@@ -6,6 +6,8 @@
   - Added customized modals to confirm item deleteion for Fluent, Bootstrap (PR #1188)
   - Added some missing type declarations. Restored support of AntDesign v4 (PR #1264)
   - Added `showSelectedValueSourceLabel` to config settings (PR #1272) (issue #1144)
+  - Removed `Utils.ExportUtils.SqlString.trim`
+  - Now `Utils.ExportUtils.SqlString.unescapeLike` returns object instead of string
 - 6.6.15
   - Fixed support of AntDesign 4.x DatePicker (PR #1239) (issue #1238)
   - Prevent potential prototype pollution in `OtherUtils.mergeIn` and `OtherUtils.setIn` (PR #1240)

packages/core/modules/config/index.js

@@ -188,19 +188,16 @@ const operators = {
         const not = sqlObj?.operator == "NOT LIKE";
         const [_left, right] = sqlObj.children || [];
         if (right?.valueType?.endsWith("_quote_string")) {
-          if (right?.value.startsWith("%") && right?.value.endsWith("%")) {
-            right.value = this.utils.SqlString.unescapeLike(right.value.substring(1, right.value.length - 1), sqlDialect);
+          const {str, anyStart, anyEnd} = this.utils.SqlString.unescapeLike(right.value, sqlDialect);
+          right.value = str;
+          if (anyStart && anyEnd) {
             sqlObj.operator = not ? "not_like" : "like";
-            return sqlObj;
-          } else if (right?.value.startsWith("%")) {
-            right.value = this.utils.SqlString.unescapeLike(right.value.substring(1), sqlDialect);
-            sqlObj.operator = "ends_with";
-            return sqlObj;
-          } else if (right?.value.endsWith("%")) {
-            right.value = this.utils.SqlString.unescapeLike(right.value.substring(0, right.value.length - 1), sqlDialect);
+          } else if (anyStart) {
             sqlObj.operator = "starts_with";
-            return sqlObj;
+          } else if (anyEnd) {
+            sqlObj.operator = "ends_with";
           }
+          return sqlObj;
         }
       }
     },
@@ -560,7 +557,8 @@ const operators = {
     sqlFormatOp: function (field, op, values, valueSrc, valueType, opDef, operatorOptions, fieldDef) {
       if (valueSrc == "value")
       // set
-        return `${field} = '${values.map(v => this.utils.SqlString.trim(v)).join(",")}'`;
+        // todo: escape instead of wrap with '
+        return `${field} = '${values.map(v => this.utils.SqlString.unescapeStr(v)).join(",")}'`;
       else
         return undefined; //not supported
     },
@@ -590,7 +588,8 @@ const operators = {
     sqlFormatOp: function (field, op, values, valueSrc, valueType, opDef, operatorOptions, fieldDef) {
       if (valueSrc == "value")
       // set
-        return `${field} != '${values.map(v => this.utils.SqlString.trim(v)).join(",")}'`;
+        // todo: escape instead of wrap with '
+        return `${field} != '${values.map(v => this.utils.SqlString.unescapeStr(v)).join(",")}'`;
       else
         return undefined; //not supported
     },
@@ -624,9 +623,10 @@ const operators = {
       // https://learn.microsoft.com/en-us/sql/relational-databases/search/search-for-words-close-to-another-word-with-near?view=sql-server-ver16#example-1
       const val1 = values.first();
       const val2 = values.get(1);
-      const aVal1 = this.utils.SqlString.trim(val1);
-      const aVal2 = this.utils.SqlString.trim(val2);
+      const aVal1 = this.utils.SqlString.unescapeStr(val1);
+      const aVal2 = this.utils.SqlString.unescapeStr(val2);
       const prox = operatorOptions?.get("proximity");
+      // todo: escape NEAR instead of wrap with '
       return `CONTAINS(${field}, 'NEAR((${aVal1}, ${aVal2}), ${prox})')`;
     },
     sqlImport: function (sqlObj, _, sqlDialect) {

packages/core/modules/export/sql.js

@@ -248,6 +248,7 @@ const formatField = (meta, config, field) => {
   const formatFieldFn = config.settings.formatField;
   const fieldName = formatFieldName(field, config, meta, null, {useTableName: true});
   const formattedField = formatFieldFn(fieldName, fieldParts, fieldFullLabel, fieldDefinition, config);
+  // todo: use SqlString.escapeId
   return formattedField;
 };
 

packages/core/modules/index.d.ts

@@ -13,6 +13,32 @@ export type ImmutableMap<K, V> = ImmMap<K, V>;
 export type ImmutableOMap<K, V> = ImmOMap<K, V>;
 export type AnyImmutable = ImmutableList<any> | ImmutableMap<string, any> | ImmutableOMap<string, any>;
 export type SqlDialect = "BigQuery" | "PostgreSQL" | "MySQL";
+export type SqlType = 
+  // ValueExpr["type"] in "node-sql-parser"
+  | "backticks_quote_string"
+  | "string"
+  | "regex_string"
+  | "hex_string"
+  | "full_hex_string"
+  | "natural_string"
+  | "bit_string"
+  | "double_quote_string"
+  | "single_quote_string"
+  | "boolean"
+  | "bool"
+  | "null"
+  | "star"
+  | "param"
+  | "origin"
+  | "date"
+  | "datetime"
+  | "default"
+  | "time"
+  | "timestamp"
+  | "var_string"
+  // missing in ValueExpr["type"]
+  | "number";
+
 
 ////////////////
 // common
@@ -611,10 +637,13 @@ interface ExportUtils extends PickDeprecated<SpelUtils, "spelFixList" | "spelEsc
   wrapWithBrackets(val?: string): string;
   sqlEmptyValue(fieldDef?: Field): string;
   SqlString: {
-    trim(val?: string): string;
-    escape(val?: string): string;
-    escapeLike(val?: string, any_start?: boolean, any_end?: boolean, sqlDialect?: SqlDialect): string;
-    unescapeLike(val?: string, sqlDialect?: SqlDialect): string;
+    escape(val: any): string;
+    // added methods
+    escapeStr(str: string, sqlDialect?: SqlDialect): string;
+    unescapeStr(str: string, sqlDialect?: SqlDialect, literalType?: SqlType): string;
+    escapeLike(str: string, anyStart?: boolean, anyEnd?: boolean, sqlDialect?: SqlDialect): string;
+    unescapeLike(likeStr: string, sqlDialect?: SqlDialect): {str: string, anyStart?: boolean, anyEnd?: boolean};
+    trimQuote(str: string, sqlDialect?: SqlDialect, literalType?: SqlType): {str: string, literalType?: SqlType, prefix?: string};
   },
   stringifyForDisplay(val: any): string;
 }