stt

sql-template-tag

by Blake Embrey
4.0.0 (see all)

ES2015 tagged template string for preparing SQL statements, works with `pg` and `mysql`

Readme

SQL Template Tag

ES2015 tagged template string for preparing SQL statements.

Installation

npm install sql-template-tag --save

Usage

import sql, { empty, join, raw } from "sql-template-tag";

const query = sql`SELECT * FROM books WHERE id = ${id}`;

query.sql; //=> "SELECT * FROM books WHERE id = ?"
query.text; //=> "SELECT * FROM books WHERE id = $1"
query.values; //=> [id]

pg.query(query); // Uses `text` and `values`.
mysql.query(query); // Uses `sql` and `values`.

// Embed SQL instances inside SQL instances.
const nested = sql`SELECT id FROM authors WHERE name = ${"Blake"}`;
const query = sql`SELECT * FROM books WHERE author_id IN (${nested})`;

// Join and "empty" helpers (useful for nested queries).
sql`SELECT * FROM books ${hasIds ? sql`WHERE ids IN (${join(ids)})` : empty}`;

Join

Accepts an array of values and returns a SQL instance with the values joined by the separator. E.g.

const query = join([1, 2, 3]);

query.sql; //=> "?, ?, ?"
query.values; //=> [1, 2, 3]

Raw

Accepts a string and returns a SQL instance, useful if you want some part of the SQL to be dynamic.

raw("SELECT"); // == sql`SELECT`

Do not accept user input to raw, this will create a SQL injection vulnerability.

Empty

Simple placeholder value for an empty SQL string. Equivalent to raw("").

Recipes

This package "just works" with pg and mysql.

MSSQL

mssql.query(query.strings, ...query.values);

Some other modules exist that do something similar:

  • sql-template-strings: promotes mutation via chained methods and lacks nesting SQL statements. The idea to support sql and text properties for dual mysql and pg compatibility came from here.
  • pg-template-tag: missing TypeScript and MySQL support. This is the API I envisioned before writing this library, and by supporting pg only it has the ability to dedupe values.

License

MIT

