Update sqlstring to 2.3.0

Author: dougwilson

Changes.md

@@ -10,6 +10,9 @@ you spot any mistakes.
 * Fix "changedRows" to work on non-English servers #1819
 * Fix typo in insecure auth error message
 * Support `mysql_native_password` auth switch request for Azure #1396 #1729 #1730
+* Update `sqlstring` to 2.3.0
+  - Add `.toSqlString()` escape overriding
+  - Small performance improvement on `escapeId`
 * Update `bignumber.js` to 4.0.4
 
 ## v2.14.1 (2017-08-01)

Readme.md

@@ -707,6 +707,8 @@ Different value types are escaped differently, here is how:
 * Arrays are turned into list, e.g. `['a', 'b']` turns into `'a', 'b'`
 * Nested arrays are turned into grouped lists (for bulk inserts), e.g. `[['a',
   'b'], ['c', 'd']]` turns into `('a', 'b'), ('c', 'd')`
+* Objects that have a `toSqlString` method will have `.toSqlString()` called
+  and the returned value is used as the raw SQL.
 * Objects are turned into `key = 'val'` pairs for each enumerable property on
   the object. If the property's value is a function, it is skipped; if the
   property's value is an object, toString() is called on it and the returned
@@ -725,7 +727,14 @@ var query = connection.query('INSERT INTO posts SET ?', post, function (error, r
   // Neat!
 });
 console.log(query.sql); // INSERT INTO posts SET `id` = 1, `title` = 'Hello MySQL'
+```
+
+And the `toSqlString` method allows you to form complex queries with functions:
 
+```js
+var CURRENT_TIMESTAMP = { toSqlString: function() { return 'CURRENT_TIMESTAMP()'; } };
+var sql = mysql.format('UPDATE posts SET modified = ? WHERE id = ?', [CURRENT_TIMESTAMP, 42]);
+console.log(sql); // UPDATE posts SET modified = CURRENT_TIMESTAMP() WHERE id = 42
 ```
 
 If you feel the need to escape queries by yourself, you can also use the escaping

package.json

@@ -16,7 +16,7 @@
     "bignumber.js": "4.0.4",
     "readable-stream": "2.3.3",
     "safe-buffer": "5.1.1",
-    "sqlstring": "2.2.0"
+    "sqlstring": "2.3.0"
   },
   "devDependencies": {
     "after": "0.8.2",