Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Column name in QueryBuilder's orderBy is NOT escaped

See original GitHub issue

Issue type:

[ ] question [x] bug report [ ] feature request [ ] documentation issue

Database system/driver:

[ ] cordova [ ] mongodb [ ] mssql [x] mysql / mariadb [ ] oracle [ ] postgres [ ] cockroachdb [ ] sqlite [ ] sqljs [ ] react-native [ ] expo

TypeORM version:

[x] latest [ ] @next [ ] 0.x.x (or put your version here)

Steps to reproduce or a small repository showing the problem:

Pass a column name like key to QueryBuilder’s orderBy, the generated SQL will be ORDER BY key ASC which causes error.

Issue Analytics

State:
Created 4 years ago
Reactions:3
Comments:7 (2 by maintainers)

Top GitHub Comments

1reaction

d3-dmitriy-onypkocommented, Jul 25, 2019

Same issue. Also @Menci { '`key`': xxx } does not help. You need { `"key"`: xxx }

1reaction

Mencicommented, Jun 6, 2019

I’m sorry. It’s not .find(), it’s QueryBuilder’s .orderBy(). Code is below:

const TypeORM = require("typeorm");

const TestTable = new TypeORM.EntitySchema({
    name: "test_table",
    columns: {
        key: {
            primary: true,
            type: "int",
            generated: true
        }
    }
});

TypeORM.createConnection({
    type: "mysql",
    host: "localhost",
    port: 3306,
    username: "syzoj",
    password: "3RckWNyUTrwdNx97",
    database: "syzoj",
    synchronize: true,
    logging: true,
    entities: [TestTable]
}).then(connection => {
    connection.getRepository('test_table').createQueryBuilder()
      .select('*')
      .orderBy({
        key: 'DESC'
      })
      .getMany();
});