added pg functions keyword and identifier, updated README #2
fritzy wants to merge 2 commits into felixfbecker:master
@nlf fixed that and replaced function in the examples (were erroneously keyword when they should have been identifier)

Thanks for the PR, I don't know how I should feel about it though. The purpose of this module was to take a template string and transform it into an object with placeholder queries and values that both pg and mysql understand, and let them do the escaping. You can use

Ah, I didn't realize the pg client had these already; these seem to be undocumented features. I have to say that I don't like that it's bothering to produce 2 strings when all I need is one, but otherwise this little module is great.

Yeah, I only found them by searching in the repo. Maybe someone should open a PR to add this to their docs?

Yup, that's why I opened issue #3

@felixfbecker I was trying to avoid this:

```js
SQL`... ORDER BY ${SQL.raw(pg.Client.prototype.escapeIdentifier(args.orderBy))} ${SQL.raw(validSort.has(args.sort.toUpperCase()) ? args.sort : 'DESC')}`
```

what if we just allow passing a second parameter to

```js
let escape = pg.Client.prototype.escapeIdentifier;
let query = SQL`... ORDER BY ${SQL.raw(args.orderBy, escape)}`
```

though I'm not sure that's really much better than just doing

```js
let escape = pg.Client.prototype.escapeIdentifier;
let query = SQL`... ORDER BY ${SQL.raw(escape(args.orderBy))}`
```

maybe just a little easier to read since it has fewer parens

Yeah, it's unfortunate that the escape functions sit on the client prototype. I would suggest doing

```js
let escape = pg.Client.prototype.escapeIdentifier
```

Not sure if you want the PG statements set in there, or how you wanted to deal with different dialects, but this is one way to do it. I wanted to be able to enforce some user input filtering on identifiers and keywords.
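The `ORDER BY` case discussed in this thread, as an added example that is not code from the PR, from sql-template-strings or from pg. It assumes a local `quoteIdent` as a stand-in for `pg.Client.prototype.escapeIdentifier` so that it runs without the pg module; `sortableColumns`, `orderByClause`, `fallbackColumn` and the column names are hypothetical.

```javascript
// Added example: building a dynamic ORDER BY clause from user input.
// quoteIdent is a local stand-in for pg.Client.prototype.escapeIdentifier;
// it applies PostgreSQL's rule for quoted identifiers.
function quoteIdent(name) {
  if (typeof name !== 'string' || name.length === 0 || name.includes('\0')) {
    throw new TypeError('invalid identifier');
  }
  // Wrap in double quotes and double any embedded double quote.
  return '"' + name.replace(/"/g, '""') + '"';
}

// Sort direction is a keyword, not an identifier, so it cannot be quoted.
// It has to be matched against a fixed set (validSort in the thread).
const validSort = new Set(['ASC', 'DESC']);

// Hypothetical allowlist of columns a caller may sort by. Quoting alone still
// lets a caller name any column of the table, so the choice is restricted too.
const sortableColumns = new Set(['created_at', 'title']);

function orderByClause(args, fallbackColumn = 'created_at') {
  const column = sortableColumns.has(args.orderBy) ? args.orderBy : fallbackColumn;
  const requested = typeof args.sort === 'string' ? args.sort.toUpperCase() : '';
  // Emit the normalized keyword from the set, never the caller's own string.
  const direction = validSort.has(requested) ? requested : 'DESC';
  return `ORDER BY ${quoteIdent(column)} ${direction}`;
}

// Constructed inputs: one valid request, one with unexpected characters.
console.log(orderByClause({ orderBy: 'title', sort: 'asc' }));
console.log(orderByClause({ orderBy: 'no_such"; --', sort: 'asc; --' }));
console.log(quoteIdent('we"ird'));
```

The resulting fragment is what would be handed to `SQL.raw`, while ordinary values keep going through the placeholder mechanism.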