scarney81 / pg-hstore Goto Github PK

File LICENSE mentions Eloqua (instead of the author) as the copyright holder. Is this correct?

I'm using the node "pg" npm module to connect to postgres. Suppose I have a table like this:

create table somedata (col hstore)

if I insert into the table from node like this:

client.query(
  "insert into somedata (col) values ($1)", 
  [hstore.stringify({a:"a'"})]
)

I will get a double sanitization so the key is a and the value is a''. I think it would be valuable to have a stringify that doesn't sanitize so that the resulting strings would be ready for use in prepared statements or statements with place holders where the sanitization is done within the database.

Thanks

I found an error in regexp
var hstore = require('pg-hstore')({ sanitize: true });
var obj = {"description": "", "manufacturer": "Fair-Rite"};
var hstore = hstore.stringify(obj);
var objagain = hstore.parse(hstore); //error

Hi!

Thanks for the useful module. I found the following issue - and have submitted some code for you to review.

An example of invalid hstores are: "foo"=>"bar,foo,bar" and "foo"=>""bar","foo","bar""

Hope this helps.

I read the source code about hstore.stringify: https://github.com/scarney81/pg-hstore/blob/master/lib/index.js#L32

if (!callback || callback === null) return joined;
callback(joined);

It also works fine without passing callback argument. Like this:

const hstore = require('pg-hstore')();
const dataParsed = hstore.parse(data);
const dataStringified = hstore.stringify(data);

Am I correct?

Hi,

I use the pg-hstore package from my code. I did a scan in my code with Trivy and it said to me:

do you fixed underscore's version 1.12.1