firefish/packages/backend-rs/src/util/escape_sql.rs

#[napi_derive::napi]
pub fn sql_like_escape(src: String) -> String {
    src.replace('%', r"\%").replace('_', r"\_")
}

#[napi_derive::napi]
pub fn safe_for_sql(src: String) -> bool {
    !src.contains([
        '\0', '\x08', '\x09', '\x1a', '\n', '\r', '"', '\'', '\\', '%',
    ])
}

#[cfg(test)]
mod unit_test {
    use super::{safe_for_sql, sql_like_escape};
    use pretty_assertions::assert_eq;

    #[test]
    fn sql_like_escape_test() {
        assert_eq!(sql_like_escape("".to_string()), "".to_string());
        assert_eq!(sql_like_escape("abc".to_string()), "abc".to_string());
        assert_eq!(sql_like_escape("a%bc".to_string()), r"a\%bc".to_string());
        assert_eq!(
            sql_like_escape("a呼%吸bc".to_string()),
            r"a呼\%吸bc".to_string()
        );
        assert_eq!(
            sql_like_escape("_اللغة العربية".to_string()),
            r"\_اللغة العربية".to_string()
        );
    }

    #[test]
    fn safe_for_sql_test() {
        assert!(safe_for_sql("123".to_string()));
        assert!(safe_for_sql("人間".to_string()));
        assert!(!safe_for_sql("人間\x09".to_string()));
        assert!(!safe_for_sql("abc\ndef".to_string()));
        assert!(!safe_for_sql("%something%".to_string()));
    }
}