From a9b152db50a73bf5ed760160db5951d09a29afd2 Mon Sep 17 00:00:00 2001
From: Andre Loreth <a.loreth@adito.de>
Date: Thu, 12 Sep 2019 14:31:25 +0200
Subject: [PATCH] Sql_lib: add translateWithQuotes function for
 preparedStatement quoting

---
 process/Sql_lib/process.js | 46 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/process/Sql_lib/process.js b/process/Sql_lib/process.js
index 952da23ca1..9be6eee372 100644
--- a/process/Sql_lib/process.js
+++ b/process/Sql_lib/process.js
@@ -1859,3 +1859,49 @@ SqlUtils.getResolvingCaseWhen = function(pKeyValueArray, pDbFieldName, pLocale)
     resSql = [resSql, preparedValues];
     return resSql;
 };
+
+/**
+ * Will quote all prepared statement values from the given statement.
+ * @param {[String, String[]]} pStatement Same as first paraemter of db.translateStatement.
+ * @param {([String, String[]]) => String} pExecutionCallback A function which must return the final SQL.
+ * @return The SQL, same as the result of db.translateStatement.
+ */
+SqlUtils.translateWithQuotes = function (pStatement, pExecutionCallback) {
+    // Validate type of incoming paramter.
+    if (!(pStatement instanceof Array))
+        return null;
+
+    // The second element of the array has to be an array.
+    if (!(pStatement[1] instanceof Array))
+        return null;
+
+    // As the second element represents the prepared statements we need to map it...
+    var preparedStatements = pStatement[1].map(function (pValue) {
+        // Just in case as a fallback value..
+        if (!(pValue instanceof Array))
+            return pValue;
+
+        // As the first element represents the value it will be quoted here.
+        return [db.quote(pValue[0]), pValue[1]];
+    });
+
+    return pExecutionCallback([pStatement[0], preparedStatements]);
+}
+
+/**
+ * Will quote all prepared statement values from the given statement.
+ * @param {[String, String[]]} pStatement Same as the first parameter of db.translateStatement.
+ * @returns {String} The SQL, same as the result of db.translateStatement.
+ */
+SqlUtils.translateStatementWithQuotes = function (pStatement) {
+    return SqlUtils.translateWithQuotes(pStatement, db.translateStatement);
+}
+
+/**
+ * Will quote all prepared statement values from the given statement.
+ * @param {[String, String[]]} pStatement Same as the first parameter of db.translateCondition.
+ * @returns {String} The SQL, same as the result of db.translateCondition.
+ */
+SqlUtils.translateConditionWithQuotes = function (pStatement) {
+    return SqlUtils.translateWithQuotes(pStatement, db.translateCondition);
+}
\ No newline at end of file
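Review bot: The fallback in the `map` callback of `translateWithQuotes`, `if (!(pValue instanceof Array)) return pValue;`, hands a malformed entry to the translate callback without quoting it, so a helper whose purpose is to quote every value fails open on exactly the input it did not expect. Rejecting such input before the map would keep it consistent with the two checks above it, e.g. `if (!pStatement[1].every(function (pValue) { return pValue instanceof Array; })) return null;`. The JSDoc type `[String, String[]]` also does not match the code, which reads each entry as a `[value, type]` pair; the `@param` should say so and note that `null` is returned for invalid input. How `db.quote` treats non-string types is not visible in this hunk, so the resulting SQL text is presumably only as safe as that function is for each `pValue[1]` type.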
-- 
GitLab