File tree Expand file tree Collapse file tree 1 file changed +3
-2
lines changed Expand file tree Collapse file tree 1 file changed +3
-2
lines changed Original file line number Diff line number Diff line change @@ -44,6 +44,7 @@ db.query(SQL`SELECT * FROM ${SQL.raw(table)} WHERE author = ${author} ORDER BY $
4444
4545// you MUST escape user input manually
4646mysql .query (SQL ` SELECT * FROM ${ SQL .raw (mysql .escapeId (someUserInput))} WHERE name = ${ book} ORDER BY ${ column} ${ SQL .raw (order)} `
47+ pg .query (SQL ` SELECT * FROM ${ SQL .raw (pg .escapeIdentifier (someUserInput))} WHERE name = ${ book} ORDER BY ${ column} ${ SQL .raw (order)} `
4748
4849// you might need to add quotes
4950pg .query (SQL ` SELECT * FROM " ${SQL.raw(table)}" `
@@ -57,8 +58,8 @@ for (let table of largeArray) {
5758}
5859```
5960
60- ## Prepared Statements in Postgre
61- Postgre requires prepared statements to be named, otherwise the parameters will be escaped and replaced on the client side.
61+ ## Prepared Statements in Postgres
62+ Postgres requires prepared statements to be named, otherwise the parameters will be escaped and replaced on the client side.
6263You can still use SQL template strings though, you just need to assign a name to the query before using it:
6364``` js
6465// old way
You can’t perform that action at this time.
0 commit comments