sql-template-strings
Comparing version 1.1.0 to 1.1.1
@@ -16,6 +16,4 @@ 'use strict' | ||
values.push(args[i]) | ||
if (i < stringsLength - 1) { | ||
sql += '?' | ||
text += '$' + values.length | ||
} | ||
sql += '?' | ||
text += '$' + values.length | ||
} | ||
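Review bot: With the `if (i < stringsLength - 1)` guard gone (the header goes from 6 lines to 4), `sql += '?'` and `text += '$' + values.length` now run for every `values.push(args[i])`, and the loop bounds are not visible in this hunk. Please add a test for a template that ends in an interpolated value and one for a template with no values, each asserting that the number of `?` and `$n` placeholders equals `values.length`, so a mismatch between the statement text and the bound values cannot ship unnoticed.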
@@ -22,0 +20,0 @@ } |
{ | ||
"name": "sql-template-strings", | ||
"version": "1.1.0", | ||
"description": "Allows you to use ES6 tagged template strings for prepared statements with mysql and postgres", | ||
"version": "1.1.1", | ||
"description": "ES6 tagged template strings for prepared statements with mysql and postgres", | ||
"main": "index.js", | ||
@@ -6,0 +6,0 @@ "repository": { |
@@ -47,2 +47,3 @@ A simple yet powerful module to allow you to use ES6 tagged template strings for prepared/escaped statements in [mysql](https://www.npmjs.com/package/mysql) / [mysql2](https://www.npmjs.com/package/mysql2) and [postgres](https://www.npmjs.com/package/pq). | ||
mysql.query(SQL`SELECT * FROM ${SQL.raw(mysql.escapeId(someUserInput))} WHERE name = ${book} ORDER BY ${column} ${SQL.raw(order)}`) | ||
pg.query(SQL`SELECT * FROM ${SQL.raw(pg.escapeIdentifier(someUserInput))} WHERE name = ${book} ORDER BY ${column} ${SQL.raw(order)}`) | ||
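Review bot: In the `pg.query` example, `${SQL.raw(order)}` places `order` into the statement text with no escaping, and nothing on the line shows it being restricted; show it checked against `ASC` / `DESC` before it reaches `SQL.raw`, the same way the table name goes through `pg.escapeIdentifier`. Also, `ORDER BY ${column}` is sent as a bound value, which the server treats as a constant rather than a column name, so the example should pass the column through `pg.escapeIdentifier` (or `mysql.escapeId` in the mysql line) inside `SQL.raw` as well.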
@@ -61,4 +62,4 @@ // you might need to add quotes | ||
## Prepared Statements in Postgre | ||
Postgre requires prepared statements to be named, otherwise the parameters will be escaped and replaced on the client side. | ||
## Prepared Statements in Postgres | ||
Postgres requires prepared statements to be named, otherwise the parameters will be escaped and replaced on the client side. | ||
You can still use SQL template strings though, you just need to assign a name to the query before using it: | ||
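Review bot: The renamed paragraph keeps the claim "otherwise the parameters will be escaped and replaced on the client side" unchanged; readers will rely on it when judging injection safety, so please confirm it against the driver and state explicitly whether unnamed queries still send values as bound parameters. While these lines are being touched, the comma splice in "though, you just need" could be split into two sentences.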
@@ -65,0 +66,0 @@ ```js |