Add .toSqlString() escapeId overriding

closes #57
closes #58

Author: dovidgef

HISTORY.md

@@ -1,3 +1,8 @@
+unreleased
+==========
+
+  * Add `.toSqlString()` escapeId overriding
+
 2.3.3 / 2022-03-06
 ==================
 

README.md

@@ -172,6 +172,10 @@ console.log(sql); // SELECT `username`, `email` FROM `users` WHERE id = 1
 ```
 **Please note that this last character sequence is experimental and syntax might change**
 
+To skip escaping one or more of the columns names that you pass to `SqlString.escapeId()`
+you may use `SqlString.raw()` similarly to how it is used with `SqlString.escape()`.
+See above for more details.
+
 When you pass an Object to `.escape()` or `.format()`, `.escapeId()` is used to avoid SQL injection in object keys.
 
 ### Formatting queries

lib/SqlString.js

@@ -24,6 +24,8 @@ SqlString.escapeId = function escapeId(val, forbidQualified) {
     }
 
     return sql;
+  } else if (typeof val.toSqlString === 'function') {
+    return String(val.toSqlString());
   } else if (forbidQualified) {
     return '`' + String(val).replace(ID_GLOBAL_REGEXP, '``') + '`';
   } else {

test/unit/test-SqlString.js

@@ -46,6 +46,14 @@ test('SqlString.escapeId', {
 
   'nested arrays are flattened': function() {
     assert.equal(SqlString.escapeId(['a', ['b', ['t.c']]]), '`a`, `b`, `t`.`c`');
+  },
+
+  'raw not escaped': function () {
+    assert.equal(SqlString.escapeId(SqlString.raw('*')), '*');
+  },
+
+  'raw within array not escaped': function () {
+    assert.equal(SqlString.escapeId(['a', SqlString.raw('*'), 'b']), '`a`, *, `b`');
   }
 });