fix: boolean parameter escape in SQLiteDriver (typeorm#9400)

* fix: sqlite boolean parameter escape

sqlite does not support boolean parameters. Even though sqlite is able to transform true to 1 and false to 0 there might be some limitations with other implementations that build up on this.

Fixes: typeorm#1981 (again)

* fix: remove obsolete where boolean value transformation

3cbbe90 already handles the boolean value transformation so it is not necessary to have additional code in the query runner for handling this

* test: add test cases for sqlite query parameter escape

* fix typo

Author: michaelwolz

src/driver/better-sqlite3/BetterSqlite3QueryRunner.ts

@@ -83,13 +83,6 @@ export class BetterSqlite3QueryRunner extends AbstractSqliteQueryRunner {
 
         const connection = this.driver.connection
 
-        parameters = parameters || []
-        for (let i = 0; i < parameters.length; i++) {
-            // in "where" clauses the parameters are not escaped by the driver
-            if (typeof parameters[i] === "boolean")
-                parameters[i] = +parameters[i]
-        }
-
         this.driver.connection.logger.logQuery(query, parameters, this)
         const queryStartTime = +new Date()
 

src/driver/sqlite-abstract/AbstractSqliteDriver.ts

@@ -480,6 +480,16 @@ export abstract class AbstractSqliteDriver implements Driver {
                     return String(value)
                 }
 
+                // Sqlite does not have a boolean data type so we have to transform
+                // it to 1 or 0
+                if (typeof value === "boolean") {
+                    escapedParameters.push(+value)
+                    return this.createParameter(
+                        key,
+                        escapedParameters.length - 1,
+                    )
+                }
+
                 if (value instanceof Date) {
                     escapedParameters.push(
                         DateUtils.mixedDateToUtcDatetimeString(value),

test/functional/driver/abstract-sqlite/abstract-sqlite-escape-query-parameters.ts

@@ -0,0 +1,75 @@
+import { DataSource } from "../../../../src"
+import {
+    createTestingConnections,
+    reloadTestingDatabases,
+    closeTestingConnections,
+} from "../../../utils/test-utils"
+
+describe("escape sqlite query parameters", () => {
+    let connections: DataSource[]
+    before(
+        async () =>
+            (connections = await createTestingConnections({
+                entities: [__dirname + "/entity/*{.js,.ts}"],
+                enabledDrivers: ["sqlite", "better-sqlite3"],
+            })),
+    )
+    beforeEach(() => reloadTestingDatabases(connections))
+    after(() => closeTestingConnections(connections))
+
+    it("should transform boolean parameters with value `true` into `1`", () =>
+        Promise.all(
+            connections.map((connection) => {
+                const [_, parameters] =
+                    connection.driver.escapeQueryWithParameters(
+                        "SELECT nothing FROM irrelevant WHERE a = :param1",
+                        { param1: true },
+                        {},
+                    )
+
+                parameters.should.eql([1])
+            }),
+        ))
+
+    it("should transform boolean parameters with value `false` into `0`", () =>
+        Promise.all(
+            connections.map((connection) => {
+                const [_, parameters] =
+                    connection.driver.escapeQueryWithParameters(
+                        "SELECT nothing FROM irrelevant WHERE a = :param1",
+                        { param1: false },
+                        {},
+                    )
+
+                parameters.should.eql([0])
+            }),
+        ))
+
+    it("should transform boolean nativeParameters with value `true` into `1`", () =>
+        Promise.all(
+            connections.map((connection) => {
+                const [_, parameters] =
+                    connection.driver.escapeQueryWithParameters(
+                        "SELECT nothing FROM irrelevant",
+                        {},
+                        { nativeParam1: true },
+                    )
+
+                parameters.should.eql([1])
+            }),
+        ))
+
+    it("should transform boolean nativeParameters with value `false` into 0", () =>
+        Promise.all(
+            connections.map((connection) => {
+                const [_, parameters] =
+                    connection.driver.escapeQueryWithParameters(
+                        "SELECT nothing FROM irrelevant",
+                        {},
+                        { nativeParam1: false },
+                    )
+
+                parameters.should.eql([0])
+            }),
+        ))
+})