sanitizeExpression function

@deprecated
String sanitizeExpression(
  String unsafe
)

The ORM prefers substitution values, which allow prepared queries and prevent SQL injection attacks; stripping characters from raw SQL text is only a fallback and is deprecated.

Implementation

import 'package:charcode/ascii.dart' show $nul;
import 'package:string_scanner/string_scanner.dart';

/// Strips comment starts (`--`, `/*`), single quotes, backslashes and NUL
/// bytes from [unsafe]. `toSql` is the ORM's own quoting helper, defined
/// elsewhere in the package.
@deprecated
String sanitizeExpression(String unsafe) {
  var buf = StringBuffer();
  var scanner = StringScanner(unsafe);
  int ch;

  while (!scanner.isDone) {
    // Ignore comment starts
    if (scanner.scan('--') || scanner.scan('/*')) {
      continue;
    }

    // Ignore all single quotes and attempted escape sequences
    else if (scanner.scan("'") || scanner.scan('\\')) {
      continue;
    }

    // Otherwise, add the next char, unless it's a null byte.
    else if ((ch = scanner.readChar()) != $nul && ch != null) {
      buf.writeCharCode(ch);
    }
  }

  // Hand the stripped text back to the ORM's quoting helper without quotes.
  return toSql(buf.toString(), withQuotes: false);
}
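As an added example (not the ORM's own code), a Python port of the sanitizer above next to a lookup that uses a bound substitution value, showing why the function is deprecated: stripping alters legitimate values such as names with apostrophes or paths with backslashes, so interpolated lookups silently miss rows, while a bound parameter keeps the data intact and out of the SQL text. The in-memory table, its rows and the function names are constructed for this illustration.

```python
import re
import sqlite3

# Tokens the deprecated Dart sanitizer drops: comment starts, single quotes
# and backslashes, checked in the same order as the original scanner loop.
_DROP = re.compile(r"--|/\*|'|\\")


def sanitize_expression(unsafe: str) -> str:
    """Python port of the deprecated sanitizer: strip the tokens above and
    any NUL byte, pass every other character through unchanged."""
    out, i = [], 0
    while i < len(unsafe):
        m = _DROP.match(unsafe, i)
        if m:                      # matched a dropped token: skip it entirely
            i = m.end()
            continue
        if unsafe[i] != "\0":      # drop NUL, keep everything else
            out.append(unsafe[i])
        i += 1
    return "".join(out)


def _demo_db() -> sqlite3.Connection:
    """Constructed in-memory table whose rows contain an apostrophe and
    backslashes, i.e. ordinary data the sanitizer would mangle."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("Alice",), ("O'Brien",), ("C:\\Users\\bob",)])
    return conn


def find_sanitized(conn: sqlite3.Connection, name: str) -> list:
    """Deprecated style: strip characters, then interpolate into the SQL.
    Legitimate data is altered, so the lookup silently misses rows."""
    sql = "SELECT name FROM users WHERE name = '%s'" % sanitize_expression(name)
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Preferred style: a substitution value bound by the driver. The input
    never becomes part of the SQL text, so nothing needs to be stripped."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]
```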