
[FEATURE]: do not allow raw SQL execution in db.execute(), instead have a dedicated method for it. #3598

dmitrysteblyuk opened this issue Nov 22, 2024 · 1 comment
Labels
enhancement New feature or request qb/crud

Comments

@dmitrysteblyuk

dmitrysteblyuk commented Nov 22, 2024

Feature hasn't been suggested before.

  • I have verified this feature I'm about to request hasn't been suggested before.

Describe the enhancement you want to request

I propose db.execute() should not allow executing a string.
Instead, a separate method should be added for that. For example: db.executeSQLDangerously(sql: string).

Motivation

One can forget to use sql or accidentally remove it.

For example, these 2 snippets look eerily similar and the difference might be overlooked during code review:

await db.execute(sql`select * from users where id = ${id}`);

vs

await db.execute(`select * from users where id = ${id}`);

P.S. I'd be happy to submit a PR if this proposal is approved.

@dmitrysteblyuk dmitrysteblyuk added the enhancement New feature or request label Nov 22, 2024
@L-Mario564
Collaborator

I think a better name would be something like executeUnsafe; I agree with your main point though. You can feel free to file a PR for this.
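To illustrate the proposal in the issue body and the executeUnsafe name suggested above, here is an added example (not drizzle-orm's code): a minimal sql tag whose interpolations become placeholders, an execute() whose parameter type excludes bare strings, and a separate, greppable executeUnsafe() for raw SQL. The SQLQuery type, the Db class and the sample userId are assumptions made up for this example.

```typescript
// Added example, not drizzle-orm's implementation. Names are hypothetical.
interface SQLQuery {
  readonly kind: "sql";
  readonly text: string;
  readonly params: unknown[];
}

// Tagged template: each interpolated value becomes a $1, $2, ... placeholder
// and is returned separately as a parameter, never spliced into the text.
function sql(strings: TemplateStringsArray, ...values: unknown[]): SQLQuery {
  let text = strings[0] ?? "";
  for (let i = 0; i < values.length; i++) {
    text += `$${i + 1}` + (strings[i + 1] ?? "");
  }
  return { kind: "sql", text, params: values };
}

class Db {
  // Safe path: the parameter type excludes `string`, so
  // db.execute(`select ... ${id}`) no longer type-checks.
  execute(query: SQLQuery): { text: string; params: unknown[] } {
    // Runtime guard for callers that bypass the type checker (plain JS, `as any`).
    if (typeof (query as unknown) === "string" || query.kind !== "sql") {
      throw new TypeError("execute() only accepts sql`...`; use executeUnsafe() for raw SQL");
    }
    return { text: query.text, params: query.params };
  }

  // Explicit opt-in for raw SQL; the name makes it easy to spot in code review.
  executeUnsafe(raw: string): { text: string; params: unknown[] } {
    return { text: raw, params: [] };
  }
}

const db = new Db();
const userId = "42"; // constructed sample input standing in for a request value

// Tagged: the text keeps a placeholder and the value travels as a parameter.
function safeQuery() {
  return db.execute(sql`select * from users where id = ${userId}`);
}

// Plain template string: only compiles behind a cast, and the guard rejects it.
function unguardedQuery(): string {
  try {
    db.execute(`select * from users where id = ${userId}` as unknown as SQLQuery);
    return "accepted";
  } catch (e) {
    return e instanceof TypeError ? "rejected" : "error";
  }
}

// Raw path: the value is already baked into the query text, with no parameters.
function rawQuery() {
  return db.executeUnsafe(`select * from users where id = ${userId}`);
}
```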
