1227: handle raw where clause binding

knex · Dec 22, 2022 · 6f7c51b · 6f7c51b
1 parent a228f32
commit 6f7c51b
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 7 deletions.
diff --git a/lib/query/querybuilder.js b/lib/query/querybuilder.js
@@ -532,6 +532,12 @@ class Builder extends EventEmitter {
   // Adds a raw `where` clause to the query.
   whereRaw(sql, bindings) {
     const raw = sql.isRawInstance ? sql : this.client.raw(sql, bindings);
+
+    assert(
+      !raw.bindings.some(isObject),
+      'The values in where clause must not be object or array.'
+    );
+
     this._statements.push({
       grouping: 'where',
       type: 'whereRaw',

diff --git a/test/unit/query/builder.js b/test/unit/query/builder.js
@@ -848,13 +848,34 @@ describe('QueryBuilder', () => {
     });
   });
 
-  it('basic wheres should not accept array or object as a value', () => {
+  it('basic wheres should not accept array or object as a value #1227', () => {
+    testquery(qb().select('*').from('users').where('id', '=', 1), {
+      mysql: 'select * from `users` where `id` = 1',
+      pg: 'select * from "users" where "id" = 1',
+      'pg-redshift': 'select * from "users" where "id" = 1',
+      mssql: 'select * from [users] where [id] = 1',
+    });
+    testquery(qb().select('*').from('users').where({ id: 1 }), {
+      mysql: 'select * from `users` where `id` = 1',
+      pg: 'select * from "users" where "id" = 1',
+      'pg-redshift': 'select * from "users" where "id" = 1',
+      mssql: 'select * from [users] where [id] = 1',
+    });
+
     try {
-      clientsWithCustomLoggerForTestWarnings.pg
-        .queryBuilder()
+      qb().select('*').from('users').where('id', '=', [0]);
+      throw new Error('Should not reach this point');
+    } catch (error) {
+      expect(error.message).to.equal(
+        'The values in where clause must not be object or array.'
+      );
+    }
+
+    try {
+      qb()
         .select('*')
         .from('users')
-        .where('id', '=', [0]);
+        .where({ id: { test: 'test' } });
       throw new Error('Should not reach this point');
     } catch (error) {
       expect(error.message).to.equal(
@@ -863,11 +884,22 @@ describe('QueryBuilder', () => {
     }
 
     try {
-      clientsWithCustomLoggerForTestWarnings.pg
-        .queryBuilder()
+      qb()
         .select('*')
         .from('users')
-        .where({ id: { test: 'test' } });
+        .where(raw('?? = ?', ['id', [0]]));
+      throw new Error('Should not reach this point');
+    } catch (error) {
+      expect(error.message).to.equal(
+        'The values in where clause must not be object or array.'
+      );
+    }
+
+    try {
+      qb()
+        .select('*')
+        .from('users')
+        .whereRaw('?? = ?', ['id', { test: 'test' }]);
       throw new Error('Should not reach this point');
     } catch (error) {
       expect(error.message).to.equal(