JacobLinCool · moalamri · Apr 11, 2024 · Apr 11, 2024 · Apr 11, 2024 · Apr 11, 2024
diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,7 @@ node_modules
 !.env.example
 vite.config.js.timestamp-*
 vite.config.ts.timestamp-*
+wrangler.toml
 
 cfai/
 .wrangler/
diff --git a/src/lib/plugin/AddRecord.svelte b/src/lib/plugin/AddRecord.svelte
@@ -2,11 +2,14 @@
  import { t } from "svelte-i18n";
  import type { PluginData } from "./type";
  import { z } from "zod";
+ import { quote_name, quote_record } from "$lib/utils";
 
  export let database: string;
  export let table: string;
  export let data: PluginData;
 
+ const quoted_table = quote_name(table);
+
  const cols = data.db
  .find(({ name }) => name === table)
  ?.columns.sort(({ cid: a }, { cid: b }) => a - b);
@@ -76,9 +79,10 @@
  );
 
  try {
- const res = await fetch(`/api/db/${database}/${table}/data`, {
+ const quoted_record = quote_record(data);
+ const res = await fetch(`/api/db/${database}/${quoted_table}/data`, {
  method: "POST",
- body: JSON.stringify(data),
+ body: JSON.stringify(quoted_record),
  });
 
  const json = await res.json<typeof result | typeof error>();

diff --git a/src/lib/plugin/CSV.svelte b/src/lib/plugin/CSV.svelte
@@ -3,11 +3,14 @@
  import type { PluginData } from "./type";
  import type { Type } from "../sqlite";
  import { affinity, cast } from "../sqlite";
+ import { quote_name } from "$lib/utils";
 
  export let database: string;
  export let table: string;
  export let data: PluginData;
 
+ const quoted_table = quote_name(table);
+
  const cols = data.db
  .find(({ name }) => name === table)
  ?.columns.sort(({ cid: a }, { cid: b }) => a - b);
@@ -108,8 +111,9 @@
  return bodies;
  }
 
+ const quoted_keys = keys?.map(quote_name);
  const queries = bodies.map(
- (body) => `INSERT INTO ${table} (${keys?.join(", ")}) VALUES ${body}`,
+ (body) => `INSERT INTO ${quoted_table} (${quoted_keys?.join(", ")}) VALUES ${body}`,
  );
 
  console.log(queries);
@@ -155,7 +159,7 @@
 
  try {
  const module = import("csv-stringify/browser/esm/sync");
- const res = await fetch(`/api/db/${database}/${table}/data`);
+ const res = await fetch(`/api/db/${database}/${quoted_table}/data`);
  const json = await res.json<any>();
 
  const { stringify } = await module;

diff --git a/src/lib/plugin/TableBrowser.svelte b/src/lib/plugin/TableBrowser.svelte
@@ -3,11 +3,14 @@
  import { t } from "svelte-i18n";
  import type { PluginData } from "./type";
  import Icon from "@iconify/svelte";
+ import { quote_name, quote_record } from "$lib/utils";
 
  export let database: string;
  export let table: string;
  export let data: PluginData;
 
+ const quoted_table = quote_name(table);
+
  const cols =
  data.db
  .find(({ name }) => name === table)
@@ -51,7 +54,9 @@
  params.set("order", order);
  params.set("dir", dir);
  }
- const res = await fetch(`/api/db/${database}/${table}/data?${params.toString()}`);
+ const res = await fetch(
+ `/api/db/${database}/${quoted_table}/data?${params.toString()}`,
+ );
 
  const json = await res.json<typeof result | typeof error>();
  if (json) {
@@ -103,7 +108,7 @@
  throw new Error($t("plugin.table-browser.invalid-rowid"));
  }
 
- const res = await fetch(`/api/db/${database}/${table}/data/?rowid=${rowid}`, {
+ const res = await fetch(`/api/db/${database}/${quoted_table}/data/?rowid=${rowid}`, {
  method: "DELETE",
  });
 
@@ -153,13 +158,15 @@
  if (!record) {
  throw new Error($t("plugin.table-browser.no-record"));
  }
- const res = await fetch(`/api/db/${database}/${table}/data/?rowid=${rowid}`, {
+ const quoted_record = quote_record(record);
+
+ const res = await fetch(`/api/db/${database}/${quoted_table}/data/?rowid=${rowid}`, {
  method: "PUT",
  headers: {
  "Content-Type": "application/json",
  },
  body: JSON.stringify({
- ...record,
+ ...quoted_record,
  _: undefined,
  }),
  });

diff --git a/src/lib/utils.ts b/src/lib/utils.ts
@@ -0,0 +1,35 @@
+// This file contains utility functions that are used in the project
+
+// This list contains all special characters that should be quoted in a name string
+const SPECIAL_CHARS = ["-"];
+
+/**
+ * This function checks if a string contains any special characters and therefore should be quoted
+ * @param str The string to check
+ * @returns True if the string contains any special characters, otherwise false
+ */
+function should_quote(str: string) {
+ return SPECIAL_CHARS.some((char) => str.includes(char));
+}
+
+/**
+ * This function enclose a name string in single quotes if it contains special characters predefined by the SPECIAL_CHARS list
+ * @param name The name to escape
+ * @returns A name enclosed in single quotes if it contains special characters, otherwise the name itself
+ */
+export function quote_name(name: string): string {
+ return should_quote(name) ? `'${name}'` : name;
+}
+
+/**
+ * This function encloses all keys in a record in single quotes if they contain special characters
+ * @param record The record to quote
+ * @returns A new record with all keys enclosed in single quotes if they contain special characters
+ */
+export function quote_record(record: Record<string, any>): Record<string, any> {
+ return Object.fromEntries(
+ Object.entries(record).map(([key, value]) => {
+ return [quote_name(key), value];
+ }),
+ );
+}