A little more cleanup, and redo-docs

README.md

@@ -45,6 +45,10 @@ A node query builder for various SQL databases, based on CodeIgniter's query bui
 			// Database module result handling
 		});
 		
+### Security notes
+As of version 2, `where` and `having` type methods parse the values passed to look for function calls. While values passed are still passed as query parameters, take care to avoid passing these kinds of methods unfiltered input. SQL function arguments are not currently parsed, so they need to be properly escaped for the current database. 
+
+		
 ### Additional help
 
 * Generated documentation is in the docs/ folder 

docs/adapter.js.html

@@ -92,15 +92,6 @@ module.exports = {
 	 */
 	execute: function(sql, params, callback) {
 		throw new Error("Correct adapter not defined for query execution");
-	},
-
-	/**
-	 * Close the connection that is open on the current adapter
-	 *
-	 * @return void
-	 */
-	close: function() {
-		throw new Error("Close method not defined for the current adapter");
 	}
 };</pre>
 	</article>

docs/driver.js.html

@@ -99,8 +99,6 @@ var d = {
 	 * @private
 	 */
 	_quote: function(str) {
-		//if (/[0-9]+|\'(.*?)\'/ig.test(str)) return str;
-
 		return (helpers.isString(str) && ! (str.startsWith(d.identifierChar) || str.endsWith(d.identifierChar)))
 			? d.identifierChar + str + d.identifierChar
 			: str;
@@ -152,12 +150,6 @@ var d = {
 			return str.map(d.quoteIdentifiers);
 		}
 
-if ( ! helpers.isString(str))
-{
-	console.error(str);
-	return str;
-}
-
 		// Handle commas
 		if (str.contains(','))
 		{

docs/index.html

@@ -130,7 +130,8 @@ query.select('foo')
     .limit(2, 3)
     .get(function(/* Adapter dependent arguments */) {
         // Database module result handling
-    });</code></pre><h3>Additional help</h3><ul>
+    });</code></pre><h3>Security notes</h3><p>As of version 2, <code>where</code> and <code>having</code> type methods parse the values passed to look for function calls. While values passed are still passed as query parameters, take care to avoid passing these kinds of methods unfiltered input. SQL function arguments are not currently parsed, so they need to be properly escaped for the current database. </p>
+<h3>Additional help</h3><ul>
 <li>Generated documentation is in the docs/ folder </li>
 <li><code>tests/query-builder-base.js</code>    contains a lot of usage examples</li>
 <li>The <code>tests/adapters</code> folder contains examples of how to set up a connection for the appropriate database library</li>

docs/module-adapter.html

@@ -152,93 +152,6 @@
 
         <dl>
             
-<dt>
-    <h4 class="name" id="close"><span class="type-signature">&lt;static> </span>close<span class="signature">()</span><span class="type-signature"></span></h4>
-    
-    
-</dt>
-<dd>
-    
-    
-    <div class="description">
-        <p>Close the connection that is open on the current adapter</p>
-    </div>
-    
-
-    
-    
-    
-    
-    
-    
-    
-<dl class="details">
-	
-
-	
-
-	
-
-	
-
-	
-
-	
-
-	
-
-	
-
-	
-
-
-
-	
-	<dt class="tag-source">Source:</dt>
-	<dd class="tag-source">
-		<ul class="dummy">
-			<li>
-				<a href="adapter.js.html">adapter.js</a>,
-				 <a href="adapter.js.html#sunlight-1-line-23">line 23</a>
-			</li>
-		</ul>
-	</dd>
-	
-
-	
-
-	
-
-	
-</dl>
-
-    
-    
-
-    
-
-    
-    
-    
-    
-    
-    <h5>Returns:</h5>
-    
-            
-<div class="param-desc">
-    <p>void</p>
-</div>
-
-
-
-
-        
-    
-    
-</dd>
-
-        
-            
 <dt>
     <h4 class="name" id="execute"><span class="type-signature">&lt;static> </span>execute<span class="signature">(sql, params, callback)</span><span class="type-signature"></span></h4>
     

lib/adapter.js

@@ -13,14 +13,5 @@ module.exports = {
 	 */
 	execute: function(sql, params, callback) {
 		throw new Error("Correct adapter not defined for query execution");
-	},
-
-	/**
-	 * Close the connection that is open on the current adapter
-	 *
-	 * @return void
-	 */
-	close: function() {
-		throw new Error("Close method not defined for the current adapter");
 	}
 };

lib/driver.js

@@ -20,8 +20,6 @@ var d = {
 	 * @private
 	 */
 	_quote: function(str) {
-		//if (/[0-9]+|\'(.*?)\'/ig.test(str)) return str;
-
 		return (helpers.isString(str) && ! (str.startsWith(d.identifierChar) || str.endsWith(d.identifierChar)))
 			? d.identifierChar + str + d.identifierChar
 			: str;
@@ -73,12 +71,6 @@ var d = {
 			return str.map(d.quoteIdentifiers);
 		}
 
-if ( ! helpers.isString(str))
-{
-	console.error(str);
-	return str;
-}
-
 		// Handle commas
 		if (str.contains(','))
 		{

tests/helpers_test.js

@@ -70,12 +70,14 @@ var helperTests = {
 	'regexInArray': function(test) {
 		var orig = ['apple', ' string ', 6, 4, 7];
 
-		test.expect(4);
+		test.expect(6);
 
 		test.equal(false, helpers.regexInArray(orig, /\$/), 'Dollar sign is not in any of the array items');
 		test.equal(true, helpers.regexInArray(orig, /^ ?string/), "' string ' matches /^ ?string/");
 		test.equal(true, helpers.regexInArray(orig, /APPLE/i), "'apple' matches /APPLE/i");
 		test.equal(false, helpers.regexInArray(orig, /5/), 'None of the numbers in the array match /5/');
+		test.equal(false, helpers.regexInArray(5, /5/), 'First argument is not an array');
+		test.equal(false, helpers.regexInArray([], /.*/), 'Array is empty');
 
 		test.done();
 	}

tests/query-builder-base.js

@@ -152,13 +152,6 @@ module.exports = (function QueryBuilderTestBase()  {
 					.where('id > 3')
 					.get(base.testCallback.bind(this, test));
 			},
-			/*'Select with function in WHERE clause': function(test) {
-				test.expect(1);
-				base.qb.select('id', 'key as k', 'val')
-					.from('create_test')
-					.where('val !=', 'CURRENT_TIMESTAMP()')
-					.get(base.testCallback.bind(this, test));
-			},*/
 			'Select with function and argument in WHERE clause': function(test) {
 				test.expect(1);
 				base.qb.select('id')