tablet/gorm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
974 Commits 8 Branches 111 Tags 117 MiB
Commit Graph

137 Commits

Author SHA1 Message Date
everclear
5ad24449bd Removed guessing numeric type from a string. 
This type of guess work is dangerous. It could lead to the situation where input is accepted from a query string for an primary key query, but is injected into the SQL string directly.

/api/user/10
db.Find(&user, "10")  // SELECT * FROM users WHERE id = 10;

/api/user/1=1
db.Find(&user, "1=1")  // SELECT * FROM users WHERE "1=1";

which is equivalent to 
// SELECT * FROM users

It shouldn't behave differently based on the content of the string passed to it. Especially when that has a security implication. If the user want's to pass a int, they should pass that type.
 2016-02-04 19:24:38 +00:00
James Kong
72104c6bf0 Fixes querying with inline map when a value is nil 
This changes the inline map query build condition to use `IS NULL` 
instead of the equality operator when the provided value is `nil`.
 2016-01-15 16:38:56 -08:00
Jinzhu
341d047aa7 Rollback to old Unscoped API 2016-01-12 15:27:25 +08:00
Jinzhu
43e9035dad Fix Association Count with Soft Delete 2016-01-12 13:56:41 +08:00
Hui
c66995df3a Fixes wrong number of args for format in Sprintf call bug in addForeignKey function 2016-01-05 17:02:47 +08:00
Jinzhu
3a9367612e Port changes made in PR #652 2016-01-05 08:34:17 +08:00
Jinzhu
ec0aa10bf2 Fix set scanner to a Field 2016-01-04 21:49:04 +08:00
Jinzhu
be45d8312e Create index automatically when create table 2016-01-04 19:22:42 +08:00
Jinzhu
caeb4040f2 Fix use []byte as condtions 2016-01-03 20:29:46 +08:00
Jinzhu
52ac75a29a Use []byte as condtions 2016-01-03 20:23:37 +08:00
Jinzhu
1b1dbc0fab Respect customized sql tag when create join table 2016-01-03 19:47:48 +08:00
Jinzhu
4e45e6dc2d Use field.TagSettings 2016-01-03 10:00:18 +08:00
Jinzhu
19b85b1f17 Compatible with both gorm, sql tag 2016-01-03 09:52:27 +08:00
Jinzhu
4677215ef4 Fix get type Name from scope 2015-12-25 12:20:45 +08:00
Jinzhu
ba694926d0 Create composite primary key for join table 2015-12-11 12:22:09 +08:00
Jason Seriff
a3c1fda757 Modify count regex to match parenthesis instead of starting a capture. Fixes #679 2015-11-10 14:51:16 -06:00
Henrique Menezes
e68fb8f9e2 Fix where clause for string primary key when query value is numeric and starts with zero 2015-10-16 00:49:47 -03:00
Jinzhu
eeb9ba2250 Fix query with Joins 2015-10-01 07:43:43 +08:00
Jinzhu
88188b6161 Respect Where when create index 2015-10-01 06:53:15 +08:00
Jinzhu
048963c568 Merge pull request #666 from defend7/sqlite_autoincrement 
Support the AUTOINCREMENT keyword on SQLite.
 2015-09-28 10:20:17 +08:00
Ivan Pusic
246383326c do not execute buildSelectQuery twice 
if buildSelectQuery() is executed twice, then we get more values in SqlVars than expected
 2015-09-28 00:03:51 +02:00
Jinzhu
198fc47051 Include all primary fields when build where conditions 2015-09-25 17:14:21 +08:00
Vibhav Sreekanti
1d8292c5ab Support the AUTOINCREMENT keyword on SQLite. 
Omit the "PRIMARY KEY" clause at the end of the create statement if
any column's SQL tags already contains the PRIMARY KEY constraint.
 2015-09-20 10:58:12 -07:00
Jinzhu
073fa4dc85 include order by for group SQL 2015-09-17 21:39:16 +08:00
Leon Maia
6d91f300f5 fixes #593 - Dont include quotes on dest table 2015-08-07 17:16:40 -03:00
Jinzhu
d21eed4b66 Don't include Order for counting sql 2015-08-05 15:58:11 +08:00
Jinzhu
0def184b0c Merge pull request #572 from eirmag/master 
Table suffix to create tables with InnoDB engine
 2015-08-02 07:28:42 +08:00
Gabriel
eef40a06ff Rename the parameter to table_options and avoid introduction of new API function OpenWithTableSuffix 2015-08-01 22:46:38 +00:00
Jinzhu
e2e417a8c2 Fix complicated Select 2015-08-01 11:49:34 +08:00
Jinzhu
393d8a3a52 Fix possible duplciated foreign key name 2015-08-01 11:27:01 +08:00
Jinzhu
bee1c8d119 Merge pull request #576 from kiwih/master 
Add basic support for multiple HAVING clauses.
 2015-08-01 10:00:05 +08:00
Jinzhu
8a88d665d5 Add QuoteIfPossible for Scope 2015-08-01 09:25:06 +08:00
Jinzhu
25ba9487aa Create join table with computed foreign keys 2015-07-31 16:33:44 +08:00
Jinzhu
9c52c29e90 Fix test TestRelated 2015-07-30 18:56:05 +08:00
Jinzhu
fea291e796 Fix compile error for scope_private 2015-07-30 17:58:49 +08:00
kiwih
a9cdf1dc7f Add basic support for multiple HAVING clauses. All clauses will be ANDed together. 2015-07-22 15:00:20 +12:00
Jinzhu
4c3daade4c Don't quote column if it is not only column name when create index 2015-07-21 10:12:31 +08:00
Gabriel
8848fc476d Table suffix to create tables with InnoDB engine with mysql. Alter table is not affected yet, only create table and auto migration 2015-07-19 22:42:48 +00:00
Jay Taylor
e31752757a Added missing field name quoting for ALTER TABLE' and CREATE INDEX' statements. 2015-06-29 15:35:50 -07:00
Jinzhu
d75612b86f Update JoinTableHandler API 2015-06-19 11:32:11 +08:00
Jinzhu
cbebcf6d6f Quote db name when create primary keys 2015-05-22 11:13:14 +08:00
Constantin Schomburg
a0c527f1cc Fix including ignored field in Where condition 2015-05-09 13:12:13 +02:00
Jinzhu
ef4299b398 Add RowQuery callback 2015-04-17 18:27:20 +08:00
Jinzhu
67266ebdb3 Fix create join table with multi primary keys 2015-04-09 15:51:47 +08:00
Jinzhu
a952601f21 Fix query related resources with customized column name 2015-04-03 16:32:53 +08:00
Jay Taylor
8389d92f78 Futher clarified error messaging for invalid `plucks'. 2015-03-23 15:11:41 -07:00
Jinzhu
44b106c8e2 Fix tests 2015-03-19 18:23:54 +08:00
Jinzhu
6ba0c1661f Refactor JoinTableHandler 2015-03-18 18:26:58 +08:00
Jinzhu
c13e2f18f8 New JoinTableHandler 2015-03-18 11:47:11 +08:00
Will Glynn
87ff58b598 Fix creation of composite unique indexes 2015-03-17 09:04:12 -05:00