Answer a question

I have a search query that its parameters changes depending on the client input.

await prisma.$queryRaw(`SELECT column FROM table ${condition ? `WHERE column = '${condition}'`  :' ' } `)

how can I write this query using prepared statement and avoiding duplicate queries. The only solution I came up with is the following:

const result = condition ? await prisma.$queryRaw(`SELECT column FROM table WHERE column = $1`,condition) : await prisma.$queryRaw(`SELECT column FROM table`)

The goal from this is to avoid sql injections from the first query.

EDIT after trying the solution suggested by @Ryan I got the following error:

Raw query failed. Code: `22P03`. Message: `db error: ERROR: incorrect binary data format in bind parameter 1`

here's my implementation:

    const where = Prisma.sql`WHERE ${searchConditions.join(' AND ')}`;
    const fetchCount = await prisma.$queryRaw`
    SELECT 
      COUNT(id)
    FROM
      table
    ${searchConditions.length > 0 ? where : Prisma.empty}
  `;

that will translate to the following in the prisma logs:

Query: 
    SELECT 
      COUNT(id)
    FROM
      table
    WHERE $1
   ["column = something"]

SOLUTION I had to do a lot of rework to achieve what I want. Here's the idea behind it:

for every search condition you need to do the following:

let queryCondition = Prisma.empty;
    if (searchFilter) {
      const searchFilterCondition = Prisma.sql`column = ${searchFilter}`;

      queryCondition.sql.length > 0
        ? (queryCondition = Prisma.sql`${queryCondition} AND ${streamingUnitCondition}`)
        : (queryCondition = searchFilterCondition);
    }

afterwards in the final search query you can do something of this sort:

SELECT COUNT(*) FROM table ${queryCondition.sql.length > 0 ? Prisma.sql`WHERE ${queryCondition}` : Prisma.empty}

Answers

You can do it like this:

import { Prisma } from '@prisma/client'

const where = Prisma.sql`where column = ${condition}`

const result = await prisma.$queryRaw`SELECT column FROM table ${condition ? where : Prisma.empty}`
# node.js # postgresql
Logo
PostgreSQL

PostgreSQL社区为您提供最前沿的新闻资讯和知识内容

更多推荐

PostgreSQL 计数查询效率,物化视图 [重复]

问题:PostgreSQL 计数查询效率,物化视图 [重复] 可能重复: PostgreSQL 计数查询优化 使用 PostgreSQL 9.2,我们试图弄清楚是否有一种方法可以跟踪查询的结果数量,并以有效的方式返回该数字。这个查询应该每秒执行几次(可能几十到几百甚至几千次)。我们现在的查询看起来像这样,但我们想知道这是否效率低下: -- Get # of rows that do not hav

avatar PostgreSQL

多对多中的唯一性

问题:多对多中的唯一性 我无法弄清楚谷歌的哪些术语,所以帮助标记这个问题或只是以相关问题的方式向我指出会有所帮助。 我相信我有一个典型的多对多关系: CREATE TABLE groups ( id integer PRIMARY KEY); CREATE TABLE elements ( id integer PRIMARY KEY); CREATE TABLE groups_elements

avatar PostgreSQL

Django 与 postgresql - manage.py syncdb 返回错误

问题:Django 与 postgresql - manage.py syncdb 返回错误 我从 Django 开始。我设置了一些使用 SQLite 工作的站点,但是在将 DB 引擎更改为 postgresql manage.py syncdb 后返回错误。我已经用谷歌搜索了 2 天,但对我仍然没有任何作用。Postgres 用户 'joe' 具有超级用户权限和本地 'joe ' 数据库存在。

avatar PostgreSQL