diff --git a/packages/cubejs-prestodb-driver/src/PrestoDriver.ts b/packages/cubejs-prestodb-driver/src/PrestoDriver.ts index 7e21b896ba4ea..0c1c67b1b0cb2 100644 --- a/packages/cubejs-prestodb-driver/src/PrestoDriver.ts +++ b/packages/cubejs-prestodb-driver/src/PrestoDriver.ts @@ -218,7 +218,7 @@ export class PrestoDriver extends BaseDriver implements DriverInterface { public prepareQueryWithParams(query: string, values: unknown[]) { return SqlString.format(query, (values || []).map(value => (typeof value === 'string' ? { - toSqlString: () => SqlString.escape(value).replace(/\\\\([_%])/g, '\\$1'), + toSqlString: () => `'${value.replace(/'/g, '\'\'')}'`, } : value))); } diff --git a/packages/cubejs-prestodb-driver/test/unit/prepareQueryWithParams.test.ts b/packages/cubejs-prestodb-driver/test/unit/prepareQueryWithParams.test.ts new file mode 100644 index 0000000000000..4c1c1e4c04ee4 --- /dev/null +++ b/packages/cubejs-prestodb-driver/test/unit/prepareQueryWithParams.test.ts @@ -0,0 +1,43 @@ +import { PrestoDriver } from '../../src/PrestoDriver'; + +describe('PrestoDriver prepareQueryWithParams', () => { + let driver: PrestoDriver; + + beforeEach(() => { + driver = new PrestoDriver({ + host: 'localhost', + port: '8080', + catalog: 'test', + schema: 'default', + }); + }); + + it('formats simple queries without parameters', () => { + const formatted = driver.prepareQueryWithParams('SELECT * FROM users', []); + expect(formatted).toBe('SELECT * FROM users'); + }); + + it('formats parameters with standard SQL escaping for single quotes', () => { + const formatted = driver.prepareQueryWithParams( + 'SELECT * FROM users WHERE name = ? AND city = ?', + ["maya'k", "O'Reilly"] + ); + expect(formatted).toBe("SELECT * FROM users WHERE name = 'maya''k' AND city = 'O''Reilly'"); + }); + + it('does not escape backslashes like MySQL', () => { + const formatted = driver.prepareQueryWithParams( + 'SELECT * FROM users WHERE path = ?', + ['C:\\Program Files\\App'] + ); + expect(formatted).toBe("SELECT * FROM users WHERE path = 'C:\\Program Files\\App'"); + }); + + it('keeps wildcards and their escapes in LIKE queries', () => { + const formatted = driver.prepareQueryWithParams( + 'SELECT * FROM users WHERE name LIKE ? ESCAPE ?', + ['%foo\\_bar%', '\\'] + ); + expect(formatted).toBe("SELECT * FROM users WHERE name LIKE '%foo\\_bar%' ESCAPE '\\'"); + }); +});