ES2015 tagged template string for preparing SQL statements.
npm install sql-template-tag --save
import sql, { empty, join, raw } from "sql-template-tag";
const query = sql`SELECT * FROM books WHERE id = ${id}`;
query.sql; //=> "SELECT * FROM books WHERE id = ?"
query.text; //=> "SELECT * FROM books WHERE id = $1"
query.values; //=> [id]
pg.query(query); // Uses `text` and `values`.
mysql.query(query); // Uses `sql` and `values`.
// Embed SQL instances inside SQL instances.
const nested = sql`SELECT id FROM authors WHERE name = ${"Blake"}`;
const query = sql`SELECT * FROM books WHERE author_id IN (${nested})`;
// Join and "empty" helpers (useful for nested queries).
sql`SELECT * FROM books ${hasIds ? sql`WHERE ids IN (${join(ids)})` : empty}`;
Accepts an array of values and returns a SQL instance with the values joined by the separator. E.g.
const query = join([1, 2, 3]);
query.sql; //=> "?, ?, ?"
query.values; //=> [1, 2, 3]
Accepts a string and returns a SQL instance, useful if you want some part of the SQL to be dynamic.
raw("SELECT"); // == sql`SELECT`
Do not accept user input to
raw, this will create a SQL injection vulnerability.
Simple placeholder value for an empty SQL string. Equivalent to
raw("").
This package "just works" with
pg and
mysql.
mssql.query(query.strings, ...query.values);
Some other modules exist that do something similar:
sql-template-strings: promotes mutation via chained methods and lacks nesting SQL statements. The idea to support
sql and
text properties for dual
mysql and
pg compatibility came from here.
pg-template-tag: missing TypeScript and MySQL support. This is the API I envisioned before writing this library, and by supporting
pg only it has the ability to dedupe
values.
MIT