docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago • verified publisher icon prisma

Document cases where you can't use $queryRaw and you must use $queryRawUnsafe

Open matthewmueller opened this issue 3 years ago • 0 comments

(Written by @Weakky, where he provided a nice explanation of the problem)

We have a couple of issues where people are misusing $queryRaw

  • https://github.com/prisma/prisma/issues/12456
  • https://github.com/prisma/prisma/issues/10051
  • https://github.com/prisma/prisma/issues/12531

We have a couple of issues about people misunderstanding why they can’t just write their SQL query inside their SQL editor and then replace everything they want to make dynamic.

The problem is, columns cannot be used as prepared values, nor can sql statements in general.

eg:

SELECT $1 FROM "Table"

SELECT * FROM "Table" ORDER BY $1

Internal Reference: https://www.notion.so/prismaio/Query-Raw-issues-dfffba5865e94b23adc02a8a4e478526#9ca29410c9d8442993ec81a8d8437998

matthewmueller avatar Apr 12 '22 17:04 matthewmueller