sql-builder
SQL query builder for Deno
Which dialect is SQL builder targeting? SQLite, MySQL, ...?
Does this count as injection?

```javascript
var s_value_entered_by_user = '1 OR 1=1';
var sql = builder
  .table("a_o_user")
  .where("n_id", "=", s_value_entered_by_user)
  // .where("name", "like", "%n%")
  .update({ s_name: "overwritten!" })
  .build();
```

...
I'm not sure about this, also pretty new to SQLite and it's been pretty long in general since I dealt with SQL, though I get the same error trying to...
Readability is very poor in this piece of code… However, if you remove those unnecessary `else`'s (because you have `return`'s everywhere), the code will become slightly more readable https://github.com/manyuanrong/sql-builder/blob/2b2b5dea7ce1b3fd37a349446279f6dbef6bb23a/util.ts#L15
Having an API for something like this would be great: `SELECT user.id, user.name FROM user, project WHERE project.user_id = ?`
The sql-builder currently uses double-quotes for string values, but with `ANSI_QUOTES` set in `sql_mode`, MySQL will treat double-quotes as identifiers instead of strings. Related: https://github.com/denodrivers/mysql/issues/108
The SQL:1999 standard specifies that double quote (") (QUOTATION MARK) is used to delimit identifiers. The backtick doesn't work with PostgreSQL.
I know it's a big thing and can be solved using an alias when importing, but just an idea. Database drivers already have a class Query. And also aligns better...