Comments (8)
Currently this requires you to use sql.unsafe
to get around it, which is ugly and ... unsafe
const filters = [
'foo IN ('nice')',
'foo IN ('cool')
]
await sql`
SELECT foo FROM bar
${sql.unsafe(WHERE ${filters.join (' AND ')})}
`
@porsager I'm not an expert in either lib, but it seems the library-level fix for this would be a sql-safe .join
, similar to what slonik
has ?
What do you think?
from postgres.
try debugging the query that the client creates, maybe might be helpful to understand if your conditions are correct.
debug: (
conn: number,
query: string,
params: unknown[],
paramTypes: unknown[],
) => {
logger.debug(`
SQL::
Executing query: "${query.trim()}"
Params: ${JSON.stringify(params)}
Param Types: ${JSON.stringify(paramTypes)}
Connection: ${conn}
`);
},
put this in the postgres initialization options
from postgres.
Here is my test results
let dynamicFilters = [
transactionSql`id=${id}`,
transactionSql`name=${name}`,
];
await transactionSql`
SELECT * FROM table WHERE ${ dynamicFilters.join(' AND ') }
`
The generated sql is SELECT * FROM table WHERE $1
and the param is [object Promise]
let dynamicFilters = [
`id=${id}`,
`name=${name}`,
];
await transactionSql`
SELECT * FROM table WHERE ${ transactionSql`${ dynamicFilters.join(' AND ') }` }
`
The generated sql is SELECT * FROM table WHERE $1
and the param is id=x AND name=x
let dynamicFilters = [
transactionSql`id=${id}`,
transactionSql`name=${name}`,
];
await transactionSql`
SELECT * FROM table WHERE ${ transactionSql`${ dynamicFilters.join(' AND ') }` }
`
The generated sql is SELECT * FROM table WHERE $1
and the param is ["[object Promise]"
try debugging the query that the client creates, maybe might be helpful to understand if your conditions are correct.
debug: ( conn: number, query: string, params: unknown[], paramTypes: unknown[], ) => { logger.debug(` SQL:: Executing query: "${query.trim()}" Params: ${JSON.stringify(params)} Param Types: ${JSON.stringify(paramTypes)} Connection: ${conn} `); },
put this in the postgres initialization options
from postgres.
the filter fragments are being generated as promises instead of SQL query fragments. maybe await before the fragments can help?
from postgres.
the filter fragments are being generated as promises instead of SQL query fragments. maybe await before the fragments can help?
let dynamicFilters = [
await transactionSql`id=${id}`,
await transactionSql`name=${name}`,
];
await transactionSql`
SELECT * FROM table WHERE ${ dynamicFilters.join(' AND ') }
`
I tried that too, but got error invalid sql id=$1
. Seems like it try to run each snippet
from postgres.
bumping this, getting exactly the [object Promise] issue.
from postgres.
Bumping as well - pretty big deal breaker sadly :(
from postgres.
So the problem you've got is that Array.prototype.join returns a string, and sql is not just strings. You need to use a join that correctly handles sql and parameters. You need each part to be an sql fragment, rather than a string. Look at the code in issue #807 if you're unsure.
(Note: Do not use unsafe or await for this; they both will have unexpected outcomes.)
from postgres.
Related Issues (20)
- feat: support 'using' syntax and [Symbol.dispose]
- Getting Inserted id HOT 2
- Transforming undefined to `DEFAULT` HOT 1
- BUG: inconsistent behaviour inserting multiple records with implicit column names and some properties undefined.
- [BUG] Escape character in url string
- Strings with apostrophe are not properly escaped
- BUG: All further queries hang if transaction scoped sql parameter is not used in some queries [with reproduction code]
- AS in Dynamic Fields Selection Not Working HOT 2
- Crash from unestablished connection
- How to make LIKE statement with dynamic subsctring? HOT 1
- Is it possible to execute a parameterized query with separate sql and bindings? HOT 1
- Unable to query structured data
- Interpolation example in docs flagged as error HOT 1
- Transactions always re-query all types leading to huge delay HOT 3
- Get the number of available connections
- exclude pg_stat_statements logging for a procedure call HOT 1
- Dot and Periods can't be used as values HOT 1
- Problem executing Common Table Expression (WITH query) HOT 1
- π Is it possible to provide more information in the error output? HOT 1
- Is there a plan to support JSON path query for JSON/JSONBοΌ
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from postgres.