From 05836272ddba75b23c93c925e095affd22e939dc Mon Sep 17 00:00:00 2001
From: Michael Drury <me@michaeldrury.co.uk>
Date: Fri, 11 Mar 2022 00:19:26 +0000
Subject: [PATCH 1/3] Adding a mechanism to concat strings in queries, there
 was a problem when char const strings were wrapping bindings, this should
 find instances of that and replace with a datasource specific method of
 concating the constant with the variable.

---
 .../src/integrations/base/datasourcePlus.ts    |  1 +
 .../server/src/integrations/googlesheets.ts    |  4 ++++
 .../src/integrations/microsoftSqlServer.ts     |  4 ++++
 packages/server/src/integrations/mysql.ts      |  4 ++++
 packages/server/src/integrations/oracle.ts     |  4 ++++
 packages/server/src/integrations/postgres.ts   |  4 ++++
 packages/server/src/threads/query.js           | 18 +++++++++++++++++-
 7 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/packages/server/src/integrations/base/datasourcePlus.ts b/packages/server/src/integrations/base/datasourcePlus.ts
index 32edbc06a2..f55dcf0f9a 100644
--- a/packages/server/src/integrations/base/datasourcePlus.ts
+++ b/packages/server/src/integrations/base/datasourcePlus.ts
@@ -8,5 +8,6 @@ export interface DatasourcePlus extends IntegrationBase {
   // if the datasource supports the use of bindings directly (to protect against SQL injection)
   // this returns the format of the identifier
   getBindingIdentifier(): string
+  getStringConcat(parts: string[]): string
   buildSchema(datasourceId: string, entities: Record<string, Table>): any
 }
diff --git a/packages/server/src/integrations/googlesheets.ts b/packages/server/src/integrations/googlesheets.ts
index 9f2f6bedf7..bb2de26f5d 100644
--- a/packages/server/src/integrations/googlesheets.ts
+++ b/packages/server/src/integrations/googlesheets.ts
@@ -115,6 +115,10 @@ module GoogleSheetsModule {
       return ""
     }
 
+    getStringConcat(parts: string[]) {
+      return ""
+    }
+
     /**
      * Pull the spreadsheet ID out from a valid google sheets URL
      * @param spreadsheetId - the URL or standard spreadsheetId of the google sheet
diff --git a/packages/server/src/integrations/microsoftSqlServer.ts b/packages/server/src/integrations/microsoftSqlServer.ts
index aa06c47083..949c893b99 100644
--- a/packages/server/src/integrations/microsoftSqlServer.ts
+++ b/packages/server/src/integrations/microsoftSqlServer.ts
@@ -129,6 +129,10 @@ module MSSQLModule {
       return `(@p${this.index++})`
     }
 
+    getStringConcat(parts: string[]): string {
+      return `concat(${parts.join(", ")})`
+    }
+
     async connect() {
       try {
         this.client = await this.pool.connect()
diff --git a/packages/server/src/integrations/mysql.ts b/packages/server/src/integrations/mysql.ts
index 42b53bc603..8b2c9ac944 100644
--- a/packages/server/src/integrations/mysql.ts
+++ b/packages/server/src/integrations/mysql.ts
@@ -99,6 +99,10 @@ module MySQLModule {
       return "?"
     }
 
+    getStringConcat(parts: string[]): string {
+      return `concat(${parts.join(", ")})`
+    }
+
     async connect() {
       this.client = await mysql.createConnection(this.config)
     }
diff --git a/packages/server/src/integrations/oracle.ts b/packages/server/src/integrations/oracle.ts
index bb4ef70403..b9d6643d63 100644
--- a/packages/server/src/integrations/oracle.ts
+++ b/packages/server/src/integrations/oracle.ts
@@ -179,6 +179,10 @@ module OracleModule {
       return `:${this.index++}`
     }
 
+    getStringConcat(parts: string[]): string {
+      return `concat(${parts.join(", ")})`
+    }
+
     /**
      * Map the flat tabular columns and constraints data into a nested object
      */
diff --git a/packages/server/src/integrations/postgres.ts b/packages/server/src/integrations/postgres.ts
index e86cd89c03..1dc6fd9d2d 100644
--- a/packages/server/src/integrations/postgres.ts
+++ b/packages/server/src/integrations/postgres.ts
@@ -148,6 +148,10 @@ module PostgresModule {
       return `$${this.index++}`
     }
 
+    getStringConcat(parts: string[]): string {
+      return parts.join(" || ")
+    }
+
     async internalQuery(query: SqlQuery) {
       const client = this.client
       this.index = 1
diff --git a/packages/server/src/threads/query.js b/packages/server/src/threads/query.js
index 36bc3d7f36..c547a10c74 100644
--- a/packages/server/src/threads/query.js
+++ b/packages/server/src/threads/query.js
@@ -37,7 +37,23 @@ class QueryRunner {
     for (let binding of bindings) {
       let variable = integration.getBindingIdentifier()
       variables.push(binding)
-      sql = sql.replace(binding, variable)
+      // check if the variable was used as part of a string concat e.g. 'Hello {{binding}}'
+      const charConstRegex = new RegExp(`'[^']*${binding}[^']*'`)
+      const charConstMatch = sql.match(charConstRegex)
+      if (charConstMatch) {
+        let [part1, part2] = charConstMatch[0].split(binding)
+        part1 = `'${part1.substring(1)}'`
+        part2 = `'${part2.substring(0, part2.length - 1)}'`
+        sql = sql.replace(
+          charConstMatch[0],
+          integration.getStringConcat([part1, variable, part2])
+        )
+      } else {
+        sql = sql.replace(binding, variable)
+      }
+      // const indexOfBinding = sql.indexOf(binding)
+      // const constantStr = `'${binding}'`
+      // sql = sql.replace(sql.indexOf(constantStr) === indexOfBinding - 1 ? constantStr : binding, variable)
     }
     // replicate the knex structure
     fields.sql = sql

From 7f36cc97c9a817218f4afa9469f6315f74843b5c Mon Sep 17 00:00:00 2001
From: Michael Drury <me@michaeldrury.co.uk>
Date: Fri, 11 Mar 2022 00:40:01 +0000
Subject: [PATCH 2/3] Switching to correct concat function for oracle.

---
 packages/server/src/integrations/oracle.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/server/src/integrations/oracle.ts b/packages/server/src/integrations/oracle.ts
index b9d6643d63..7cb7ba88cf 100644
--- a/packages/server/src/integrations/oracle.ts
+++ b/packages/server/src/integrations/oracle.ts
@@ -180,7 +180,7 @@ module OracleModule {
     }
 
     getStringConcat(parts: string[]): string {
-      return `concat(${parts.join(", ")})`
+      return parts.join(" || ")
     }
 
     /**

From 0d7db82c71612166ff22de99c4c4d0ee0f269de9 Mon Sep 17 00:00:00 2001
From: Michael Drury <me@michaeldrury.co.uk>
Date: Sat, 12 Mar 2022 11:13:41 +0000
Subject: [PATCH 3/3] Fixing MS-SQL variable sub.

---
 packages/server/src/integrations/microsoftSqlServer.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/server/src/integrations/microsoftSqlServer.ts b/packages/server/src/integrations/microsoftSqlServer.ts
index 949c893b99..1b37b5df9a 100644
--- a/packages/server/src/integrations/microsoftSqlServer.ts
+++ b/packages/server/src/integrations/microsoftSqlServer.ts
@@ -126,7 +126,7 @@ module MSSQLModule {
     }
 
     getBindingIdentifier(): string {
-      return `(@p${this.index++})`
+      return `@p${this.index++}`
     }
 
     getStringConcat(parts: string[]): string {