From 2ccc17a3c5ef7f0f86a183ebb7caf00fba09a5c6 Mon Sep 17 00:00:00 2001
From: Dovid Gefen
Date: Wed, 3 Feb 2021 15:35:22 +0200
Subject: [PATCH] Add .toSqlString() escapeId overriding closes #57 closes #58
---
 HISTORY.md | 5 +++++
 README.md | 4 ++++
 lib/SqlString.js | 2 ++
 test/unit/test-SqlString.js | 8 ++++++++
 4 files changed, 19 insertions(+)
diff --git a/HISTORY.md b/HISTORY.md
index aea1dfc..b22da7b 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,3 +1,8 @@
+unreleased
+==========
+
+ * Add `.toSqlString()` escapeId overriding
+
 2.3.3 / 2022-03-06
 ==================
diff --git a/README.md b/README.md
index 5a9934f..1492657 100644
--- a/README.md
+++ b/README.md
@@ -172,6 +172,10 @@ console.log(sql); // SELECT `username`, `email` FROM `users` WHERE id = 1
 ```
 **Please note that this last character sequence is experimental and syntax might change**
+To skip escaping one or more of the columns names that you pass to `SqlString.escapeId()`
+you may use `SqlString.raw()` similarly to how it is used with `SqlString.escape()`.
+See above for more details.
+
 When you pass an Object to `.escape()` or `.format()`, `.escapeId()` is used to avoid SQL injection in object keys.
 ### Formatting queries
diff --git a/lib/SqlString.js b/lib/SqlString.js
index 8206dad..b8cea61 100644
--- a/lib/SqlString.js
+++ b/lib/SqlString.js
@@ -24,6 +24,8 @@ SqlString.escapeId = function escapeId(val, forbidQualified) {
 }
 return sql;
+ } else if (typeof val.toSqlString === 'function') {
+ return String(val.toSqlString());
 } else if (forbidQualified) {
 return '`' + String(val).replace(ID_GLOBAL_REGEXP, '``') + '`';
 } else {
diff --git a/test/unit/test-SqlString.js b/test/unit/test-SqlString.js
index 580aa4e..ed038bb 100644
--- a/test/unit/test-SqlString.js
+++ b/test/unit/test-SqlString.js
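Review bot: The added `else if (typeof val.toSqlString === 'function')` branch in lib/SqlString.js dereferences `val` with no null check, so `escapeId(null)` or `escapeId(undefined)` would throw a TypeError here, whereas the `forbidQualified` branch just below passes the value through `String(val)`, which tolerates both. Guard the lookup: `} else if (val != null && typeof val.toSqlString === 'function') {`. The branch also returns the method's result verbatim, ahead of the `forbidQualified` check, so any object exposing `toSqlString` bypasses backtick quoting; a comment such as `// toSqlString() output is emitted unescaped - never build it from untrusted input` would make that trust boundary explicit. escapeId starts above this hunk and continues below it.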
@@ -46,6 +46,14 @@ test('SqlString.escapeId', {
 'nested arrays are flattened': function() {
 assert.equal(SqlString.escapeId(['a', ['b', ['t.c']]]), '`a`, `b`, `t`.`c`');
+ },
+
+ 'raw not escaped': function () {
+ assert.equal(SqlString.escapeId(SqlString.raw('*')), '*');
+ },
+
+ 'raw within array not escaped': function () {
+ assert.equal(SqlString.escapeId(['a', SqlString.raw('*'), 'b']), '`a`, *, `b`');
 }
 });
pFad - Phonifier reborn
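Review bot: Neither new case calls `escapeId` with `forbidQualified` set, although the library change puts the `toSqlString` branch ahead of that check, so a raw value containing a dot presumably passes through unquoted even when qualified names are forbidden. Pin the intended behaviour with a case such as `assert.equal(SqlString.escapeId(SqlString.raw('a.b'), true), 'a.b');`, or assert the opposite if that bypass is not wanted. The `test('SqlString.escapeId', {` block begins above this hunk.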
