Replies: 1 comment 3 replies
-
|
@skyien Thanks for bringing this up! I've drafted a PR here that starts to decouple things from the Let us know if this unblocks you for Postgres support, and please share your progress with us! |
Beta Was this translation helpful? Give feedback.
-
|
In the next release you should be able to do: let (sql, bindings) = query.prepare { "$\($0)" } |
Beta Was this translation helpful? Give feedback.
-
|
Looks great! Thanks, @stephencelis! |
Beta Was this translation helpful? Give feedback.
-
|
@skyien We recently expanded the binding type to dates and UUIDs and it can/should be further expanded. If you want to PR the change or maintain a branch for Postgres that can eventually be merged, we are definitely down for that. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Postgres uses "$n" for placeholders.
"The command string can use parameter values, which are referenced in the command as $1 , $2 , etc. These symbols refer to values supplied in the USING clause. This method is often preferable to inserting data values into the command string as text: it avoids run-time overhead of converting the values to text and back, and it is much less prone to SQL-injection attacks since there is no need for quoting or escaping. An example is:"
SELECT count(*) FROM mytable WHERE inserted_by = $1 AND inserted <= $2https://www.postgresql.org/docs/current/plpgsql-statements.html
Beta Was this translation helpful? Give feedback.
All reactions