SQL Escape
Installation
npm install @hewfuikhien.com/sql-escape --save
yarn add @hewfuikhien.com/sql-escape
Example
import SQLEscape from '@hewfuikhien.com/sql-escape';
const sql = SQLEscape('INSERT INTO %I VALUES(%L)', 'books', "O'Reilly");
console.log(sql);
const SQLEscape = require('@hewfuikhien.com/sql-escape');
const sql = SQLEscape('INSERT INTO %I VALUES(%L)', 'books', "O'Reilly");
console.log(sql);
Formats
-
%s
formats the argument value as a simple string. A null value is treated as an empty string. -
%Q
formats the argument value as a dollar quoted string. A null value is treated as an empty string. -
%I
treats the argument value as an SQL identifier, double-quoting it if necessary. It is an error for the value to be null. -
%L
quotes the argument value as an SQL literal. A null value is displayed as the string NULL, without quotes. -
%%
In addition to the format specifiers described above, the special sequence %% may be used to output a literal % character.