New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →

sql-bricks

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

sql-bricks

Transparent, Schemaless SQL Generation

2.0.1

Source

npm

Version published: 8 years ago

Maintainers: 1

Created: 11 years ago

Source

SQL Bricks.js

SQL Bricks.js is a transparent, schemaless library for building and composing SQL statements.

Supports all SQL-92 clauses for select/insert/update/delete with the exception of asc/desc/collate options for orderBy(), see #73 (postgres extensions are at https://github.com/Suor/sql-bricks-postgres, sqlite extensions are at https://github.com/CSNW/sql-bricks-sqlite)
Over 200 tests
Easy-to-use, comprehensive docs
Single straightforward source file (~1,100 lines), easy to understand & debug

Comparison with popular SQL-generation libraries:

library	lines	files	schema	language	other notes
Knex	3500	30	schema	javascript	transactions, migrations, promises, connection pooling
Squel	1000	3	schemaless	coffeescript
node-sql	2600	59	schema	javascript
mongo-sql	1700	49	schemaless	javascript
gesundheit	1600	21	schemaless	coffeescript	uses Any-DB to wrap the DB driver
sql-bricks	1100	1	schemaless	javascript

sql-bricks-postgres adds postgres-dialect extensions:
- LIMIT and OFFSET
- RETURNING
- UPDATE ... FROM
- DELETE ... USING
- FROM VALUES
pg-bricks adds:
- connections
- transactions
- query execution
- data accessors
sql-bricks-sqlite adds sqlite-dialect extensions:
- LIMIT and OFFSET
- OR REPLACE, OR ABORT, OR ROLLBACK, OR FAIL

Use

SQLBricks' only dependency is Underscore.js.

In the browser:

var select = SqlBricks.select;

In node:

var select = require('sql-bricks').select;

A simple select via .toString() and .toParams():

select().from('person').where({last_name: 'Rubble'}).toString();
// "SELECT * FROM person WHERE last_name = 'Rubble'"

select().from('person').where({last_name: 'Rubble'}).toParams();
// {"text": "SELECT * FROM person WHERE last_name = $1", "values": ["Rubble"]}

While toString() is slightly easier, toParams() is recommended because:

It provides robust protection against SQL injection attacks (toString() just does basic escaping)
It provides better support for complex data types (objects, arrays, etc, are passed directly to your database driver instead of being "stringified")
It provides more helpful error messages (see https://github.com/Suor/sql-bricks-postgres/issues/10)

Examples

The SQLBricks API is comprehensive, supporting all of SQL-92 for select/insert/update/delete. It is also quite flexible; in most places arguments can be passed in a variety of ways (arrays, objects, separate arguments, etc). That said, here are some of the most common operations:

// convenience variables (for node; for the browser: "var sql = SqlBricks;")
var sql = require('sql-bricks');
var select = sql.select, insert = sql.insert, update = sql.update;
var or = sql.or, like = sql.like, lt = sql.lt;

// WHERE: (.toString() is optional; JS will call it automatically in most cases)
select().from('person').where({last_name: 'Rubble'}).toString();
// SELECT * FROM person WHERE last_name = 'Rubble'

// JOINs:
select().from('person').join('address').on({'person.addr_id': 'address.id'});
// SELECT * FROM person INNER JOIN address ON person.addr_id = address.id

// Nested WHERE criteria:
select('*').from('person').where(or(like('last_name', 'Flint%'), {'first_name': 'Fred'}));
// SELECT * FROM person WHERE last_name LIKE 'Flint%' OR first_name = 'Fred'

// GROUP BY / HAVING
select('city', 'max(temp_lo)').from('weather')
  .groupBy('city').having(lt('max(temp_lo)', 40))
// SELECT city, max(temp_lo) FROM weather
// GROUP BY city HAVING max(temp_lo) < 40

// INSERT
insert('person', {'first_name': 'Fred', 'last_name': 'Flintstone'});
// INSERT INTO person (first_name, last_name) VALUES ('Fred', 'Flintstone')

// UPDATE
update('person', {'first_name': 'Fred', 'last_name': 'Flintstone'});
// UPDATE person SET first_name = 'Fred', last_name = 'Flintstone'


// Parameterized SQL
update('person', {'first_name': 'Fred'}).where({'last_name': 'Flintstone'}).toParams();
// {"text": "UPDATE person SET first_name = $1 WHERE last_name = $2", "values": ["Fred", "Flintstone"]}

// SQLite-style params
update('person', {'first_name': 'Fred'}).where({'last_name': 'Flintstone'}).toParams({placeholder: '?%d'});
// {"text": "UPDATE person SET first_name = ?1 WHERE last_name = ?2", "values": ["Fred", "Flintstone"]}

// MySQL-style params
update('person', {'first_name': 'Fred'}).where({'last_name': 'Flintstone'}).toParams({placeholder: '?'});
// {"text": "UPDATE person SET first_name = ? WHERE last_name = ?", "values": ["Fred", "Flintstone"]}

Documentation: http://csnw.github.io/sql-bricks

License: MIT

Keywords

FAQs

What is sql-bricks?

Is sql-bricks well maintained?

Package last updated on 31 Oct 2016

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install