added pg functions keyword and identifier, updated README #2
@nlf fixed that and replaced function in the examples (were erroneously keyword when they should have been identifier)
Thanks for the PR, I don't know how I should feel about it though. The purpose of this module was to take a template string and transform it into an object with placeholder queries and values that both pg and mysql understand, and let them do the escaping. You can use
Ah, I didn't realize the pg client had these already; these seem to be undocumented features. I have to say that I don't like that it's bothering to produce 2 strings when all I need is one, but otherwise this little module is great.
Yeah, I only found them by searching in the repo. Maybe someone should open a PR to add this to their docs?
Yup, that's why I opened issue #3
@felixfbecker I was trying to avoid this:
    SQL`... ORDER BY ${SQL.raw(pg.Client.prototype.escapeIdentifier(args.orderBy))} ${SQL.raw(validSort.has(args.sort.toUpperCase()) ? args.sort : 'DESC')}`
what if we just allow passing a second parameter to
    let escape = pg.Client.prototype.escapeIdentifier;
    let query = SQL`... ORDER BY ${SQL.raw(args.orderBy, escape)}`
though I'm not sure that's really much better than just doing
    let escape = pg.Client.prototype.escapeIdentifier;
    let query = SQL`... ORDER BY ${SQL.raw(escape(args.orderBy))}`
maybe just a little easier to read since it has fewer parens
Yeah, it's unfortunate that the escape functions sit on the client prototype. I would suggest doing
    let escape = pg.Client.prototype.escapeIdentifier
Not sure if you want the PG statements set in there, or how you wanted to deal with different dialects, but this is one way to do it. I wanted to be able to enforce some user input filtering on identifiers and keywords.
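
An added example, not part of the PR or of any comment above: the ORDER BY case from the thread, with the identifier quoted, the sort keyword picked from an allowlist, and the value left as a placeholder for the driver. `escapeIdentifier` here is a local stand-in assumed to follow the same double-quote rule as `pg.Client.prototype.escapeIdentifier` so the block runs without `pg`; `buildListQuery`, the `books` table and the optional column allowlist are hypothetical.

```javascript
// Local stand-in for pg.Client.prototype.escapeIdentifier (assumption: same rule,
// wrap in double quotes and double any embedded double quote).
function escapeIdentifier(name) {
  if (typeof name !== 'string' || name.length === 0) {
    throw new TypeError('identifier must be a non-empty string'); // extra check added here
  }
  return '"' + name.replace(/"/g, '""') + '"';
}

// A keyword cannot be quoted, so it is only ever chosen from a fixed set
// (validSort in the thread); anything else falls back to DESC.
const validSort = new Set(['ASC', 'DESC']);
function sortKeyword(sort) {
  const upper = String(sort).toUpperCase();
  return validSort.has(upper) ? upper : 'DESC';
}

// Hypothetical helper: values stay as $n placeholders for the driver, while the
// identifier and keyword are the only parts spliced into the query text.
function buildListQuery(args, sortableColumns) {
  // Optional stricter filter: only allow columns the application knows about.
  if (sortableColumns && !sortableColumns.has(args.orderBy)) {
    throw new RangeError('column is not sortable');
  }
  return {
    text: 'SELECT * FROM books WHERE author = $1 ORDER BY ' +
      escapeIdentifier(args.orderBy) + ' ' + sortKeyword(args.sort),
    values: [args.author],
  };
}

// Constructed input: a column name containing a double quote and an invalid direction.
const demo = buildListQuery({ author: 'a', orderBy: 'ti"tle', sort: 'up' });
console.log(demo.text, demo.values);
```

Quoting keeps the identifier a single token but does not decide which columns a caller may sort by, which is what the optional `sortableColumns` set is for.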