rawry

Modern ECMAScript layer for safely executing raw queries against MySQL

  • 1.0.3
  • latest
Rawry

Provides an API on top of mysql designed for Tagged Template Strings and async/await to make using raw SQL safe and lovely from modern ECMAScript.

Usage

import rawry from 'rawry'

const { transaction, query, querySingle } = rawry({ host: '', user: '', password: '', database: '' })

const name = 'Giles'
const anotherName = 'Ernest'

/**
 * Transactions are auto committed if the returned Promise resolves successfully.
 * Using async/await will do this behavior with normal flow control.
 **/
await transaction(async ({ query }) => {
  await query`insert into people (name) values (${name})`
  await query`insert into people (name) values (${anotherName})`
})

// querySingle returns a single row
const longNameLength = 5
const { peopleCount } = await querySingle`select count(*) peopleCount from people where length(name)>${longNameLength}`

// query returns an array of row results
for (const { name } of await query`select name from people`) {
  console.log(name)
}

What about SQL Injection!

So we're not using normal template strings. We're instead using Tagged Template Strings which give our query and querySingle functions a list of the strings and the values to splice into them. Instead of building a single string we just call the query function of the mysql connection with placeholders and supply the values from your template string separately.

When you do query`select * from people where name = ${someValue}`, the query function in turn calls the mysql driver with connection.query('select * from people where name = ?', [ someValue ]).

Full details on the escaping in the mysql module can be found in its escaping query values section.
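The splitting step described above can be seen in isolation in the following added example, which is not rawry's source code. `toPlaceholders` is a hypothetical name and the sample value is constructed; the function returns the SQL text and values array that the README says are passed to connection.query, and it rejects being called as an ordinary function with an already-interpolated string.

```javascript
// Added illustration; not rawry's source. `toPlaceholders` is a hypothetical name.

// A tag function receives the literal string parts and the interpolated
// values separately, so the values never become part of the SQL text.
function toPlaceholders (strings, ...values) {
  // A tag call passes an array that carries a `.raw` property. A plain call
  // such as toPlaceholders(`... ${x}`) passes one pre-built string instead,
  // which has already lost the separation, so reject it.
  if (!Array.isArray(strings) || !Array.isArray(strings.raw)) {
    throw new TypeError('use as a template tag: toPlaceholders`...`')
  }
  // n values always sit between n + 1 string parts: put one `?` in each gap.
  const sql = strings.reduce((text, part) => text + '?' + part)
  return { sql, values }
}

// Constructed sample input: a value shaped like an injection attempt.
const someValue = "x' OR '1'='1"

// Tagged call: the quote characters stay inside the values array.
const safe = toPlaceholders`select * from people where name = ${someValue}`

// Two values produce two placeholders, in order.
const two = toPlaceholders`select * from people where name = ${someValue} and length(name) > ${5}`

// Plain call with a normal template string: the value is already spliced
// into the SQL text, and the guard refuses it.
function rejectsPlainCall () {
  try {
    toPlaceholders(`select * from people where name = '${someValue}'`)
    return false
  } catch (err) {
    return err instanceof TypeError
  }
}

console.log(safe.sql, safe.values)
console.log(two.sql, two.values)
console.log('plain call rejected:', rejectsPlainCall())
```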

Options

We pass the options you supply to rawry directly through to the mysql connection. Find full details in their Connection options.

Want to work on this for your day job?

This project was created by the Engineering team at Qubit. As we use open source libraries, we make our projects public where possible.

We’re currently looking to grow our team, so if you’re a JavaScript engineer and keen on ES2016 React+Redux applications and Node micro services, why not get in touch? Work with like-minded engineers in an environment that has fantastic perks, including an annual ski trip, yoga, a competitive foosball league, and copious amounts of yogurt.

Find more details on our Engineering site. Don’t have an up to date CV? Just link us your GitHub profile! Better yet, send us a pull request that improves this project.

Package last updated on 21 Jul 2016
