Added database query parameter sanitisation to replace nullish values with null

lib/DatabaseConnectionPool.js

@@ -38,7 +38,8 @@ class DatabaseConnectionPool {
 	 * Sanitise and validate an sql query
 	 *
 	 * @param {string} sql The query to be executed
-	 * @param {(Array<string|number>)} Values to replace prepared statement
+	 * @param {(Array<string|number|null|undefined>)} params
+	 * 	Values to replace prepared statement
 	 *
 	 * @return {string} Sanitised and validated sql query
 	 */
@@ -57,9 +58,29 @@ class DatabaseConnectionPool {
 		} else if (prepared && params.length !== expectedParams) {
 			throw new Error('Number of params does not equal ' +
 				'expected number');
+		} else if (prepared) {
+			params = DatabaseConnectionPool.sanitiseParams(params);
 		}
 
-		return sql;
+		return [ sql, params ];
+	}
+
+	/**
+	 * Sanitise the parameters for a prepared sql statement
+	 *
+	 * @param {(Array<string|number|null|undefined>)} params
+	 * 	Values to replace prepared statement
+	 *
+	 * @return {(Array<string|number|null|undefined)} Sanitised params
+	 */
+	static sanitiseParams(params) {
+		const newParams = [];
+
+		params.forEach(param => {
+			newParams.push(param ?? null);
+		});
+
+		return newParams;
 	}
 
 	/**
@@ -71,7 +92,8 @@ class DatabaseConnectionPool {
 	 * @return {(Array<object>|object)} Data returned from the database
 	 */
 	async runQuery(sql, params) {
-		sql = this.validateQuery(sql, params);
+		[ sql, params ] =
+			DatabaseConnectionPool.validateQuery(sql, params);
 		const prepared = sql.includes('?');
 
 		let data;