/**
 * SQL Escaping Utilities
 *
 * Provides SQL escaping functions for LanceDB query construction.
 * These functions help prevent SQL injection by escaping or removing
 * special characters in string values that are interpolated into SQL text.
 *
 * Scope: as the examples below show, the output is meant to be placed
 * between single quotes as a SQL string literal. Quote doubling does not
 * make a value safe as an identifier (table or column name), as a bare
 * number, or as a keyword.
 *
 * This file holds declarations only. The behaviour described in these
 * comments is the documented contract; it cannot be checked from here.
 *
 * @module utils/sql
 */

/**
 * Escape a string value for use inside a single-quoted SQL string literal.
 *
 * Documented transformations:
 * - Backslashes: \ -> \\
 * - Single quotes: ' -> ''
 * - Null bytes: removed entirely
 * - Control characters (0x00-0x1f): removed entirely
 * - Semicolons: removed (BUG #15 FIX - defense in depth)
 * - SQL comment sequences: removed (BUG #15 FIX - defense in depth)
 *
 * The caller must still wrap the result in single quotes. Doubling the
 * quote is what keeps the value inside the literal; the result is not
 * meaningful in an unquoted position.
 *
 * The transformation is lossy. Removed characters (control characters,
 * semicolons, comment sequences) cannot be recovered, so the escaped value
 * may differ from the stored value it is compared with. A filter built from
 * it can then match nothing, or match a different row whose value happens
 * to equal the stripped form.
 *
 * NOTE(review): which comment sequences are removed is not visible in this
 * declaration file. Confirm against the implementation.
 * NOTE(review): doubling backslashes preserves the value only if the target
 * SQL dialect treats backslash as an escape inside string literals.
 * Confirm for LanceDB.
 *
 * @param value - The string value to escape
 * @returns The escaped string, for interpolation between single quotes
 *
 * @example
 * ```typescript
 * const path = "test' OR '1'='1";
 * const escaped = escapeSqlString(path);
 * // Result: "test'' OR ''1''=''1"
 * const query = `path = '${escaped}'`;
 * ```
 */
export declare function escapeSqlString(value: string): string;

/**
 * Escape a string so that it is matched literally inside a SQL LIKE pattern.
 *
 * Documented steps:
 * 1. First applies all escapeSqlString transformations
 * 2. Then escapes SQL LIKE wildcards:
 *    - % -> \%
 *    - _ -> \_
 *    - [ -> \[ (for bracket expressions in some SQL dialects)
 *
 * Step 2 matters because an unescaped % or _ in caller-supplied text acts
 * as a wildcard and widens the match beyond the intended literal.
 *
 * Because step 1 is applied, the lossy removals described for
 * escapeSqlString (control characters, semicolons, comment sequences)
 * apply here as well.
 *
 * NOTE(review): the backslash prefix neutralises a wildcard only if the
 * engine uses backslash as the LIKE escape character. Standard SQL needs an
 * explicit ESCAPE clause for that, and the example query below has none.
 * Confirm LanceDB's default behaviour.
 *
 * @param value - The string value to escape for LIKE patterns
 * @returns The escaped string, for interpolation between single quotes in a
 *   LIKE predicate
 *
 * @example
 * ```typescript
 * const pattern = "100%_complete.ts";
 * const escaped = escapeLikePattern(pattern);
 * // Result: "100\\%\\_complete.ts"
 * // (written as a JS string literal, i.e. the characters 100\%\_complete.ts)
 * const query = `path LIKE '${escaped}'`;
 * ```
 */
export declare function escapeLikePattern(value: string): string;

/**
 * Convert a glob pattern to a SQL LIKE pattern with escaping.
 *
 * Documented wildcard mapping:
 * - ** -> % (matches any sequence including path separators)
 * - * -> % (matches any sequence)
 * - ? -> _ (matches single character)
 *
 * All other special characters are escaped to prevent injection.
 *
 * The result can match more than the glob would. Both * and ** become %,
 * and % in LIKE matches any sequence including "/", so a single * is not
 * confined to one path segment. Do not rely on the converted pattern alone
 * to restrict a query to one directory level.
 *
 * As with the other helpers, the result is meant to be placed between
 * single quotes in a LIKE predicate.
 *
 * NOTE(review): presumably the non-wildcard parts receive the same escaping
 * as escapeLikePattern. That is not visible in this declaration file;
 * confirm against the implementation.
 * NOTE(review): the same question about the LIKE escape character applies
 * to any backslash-escaped wildcard in the output. Confirm LanceDB's
 * default.
 *
 * @param globPattern - The glob pattern to convert
 * @returns A SQL LIKE pattern with glob wildcards translated and other
 *   special characters escaped
 *
 * @example
 * ```typescript
 * const pattern = globToSafeLikePattern("src/*.ts");
 * // Result: "src/%.ts" (* becomes %)
 *
 * const pattern2 = globToSafeLikePattern("test' OR '1'='1");
 * // Result: "test'' OR ''1''=''1" (injection attempt escaped)
 * ```
 */
export declare function globToSafeLikePattern(globPattern: string): string;
//# sourceMappingURL=sql.d.ts.map