barklan / inline_sql_syntax

Highlight and lint inline SQL strings.
https://marketplace.visualstudio.com/items?itemName=qufiwefefwoyn.inline-sql-syntax
MIT License
linter mysql postgres sql vscode vscode-extension

Inline SQL

Also available in Open VSX Registry

Highlight and lint inline SQL strings. Supported languages are Python, Go, JavaScript, TypeScript, Ruby, Java, C#, Rust, PHP, Lua.

Syntax highlighting works for strings that start with --sql or with any of the keywords SELECT, INSERT, INTO, DELETE, UPDATE, CREATE TABLE.

Also works with ES6 Template Strings:

const query = sql`
    select * from book;
`;

Linting and diagnostics are powered entirely by the awesome joereynolds/sql-lint and work for multiline strings that start with either `--sql (backtick followed by --sql), "--sql or """--sql.

Contributors

jwhitaker-swiftnav
Wild-W (Connor Bren)
tamasfe (Ferenc Tamás)
nossrannug (Gunnar Sv Sigurbjörnsson)
JonathanWolfe (Jon Wolfe)
titouancreach (Titouan CREACH)

Safety

The proper way to sanitize data for insertion into your database is to use placeholders for all variables to be inserted into your SQL strings. In other words, NEVER do this (Python example):

query = f"INSERT INTO foo (bar, baz) VALUES ( {variable1}, {variable2} )";

Instead, use $ placeholders (or ? in some databases):

query = "INSERT INTO foo (bar, baz) VALUES ( $1, $2  )";

And then pass the variables to be replaced when you execute the query. For example with pgx (Go example):

err = conn.QueryRow(
    context.Background(),
    "select name, weight from widgets where id=$1",
    42,
).Scan(&name, &weight)
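
The "NEVER do this" pattern above can also be caught mechanically. The following Python check is an added example, not part of the extension or of sql-lint: it reuses the prefixes listed earlier for highlighting (--sql or a leading SQL keyword) and reports SQL strings that are built with f-strings, % formatting or str.format. The names SQL_START, find_interpolated_sql and SAMPLE are hypothetical, and SAMPLE is constructed input.

```python
import ast
import re

# Same prefixes the page lists for highlighting: a --sql marker or a leading SQL keyword.
SQL_START = re.compile(
    r"\s*(--sql|SELECT|INSERT|INTO|DELETE|UPDATE|CREATE\s+TABLE)\b", re.IGNORECASE)

# Constructed sample source; it is only parsed, never executed.
SAMPLE = '''\
query = f"INSERT INTO foo (bar, baz) VALUES ( {variable1}, {variable2} )"
safe = "INSERT INTO foo (bar, baz) VALUES ( $1, $2 )"
report = """--sql
    select name from widgets where id = %s""" % widget_id
label = f"Hello {user}"
lookup = "select name, weight from widgets where id={}".format(widget_id)
'''

def _is_sql(node):
    """True if node is a string literal that starts like inline SQL."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and SQL_START.match(node.value) is not None)

def find_interpolated_sql(source):
    """Return sorted (line, kind) pairs for SQL strings built by interpolation."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.JoinedStr):
            # f-string: flag only if it embeds an expression and begins with SQL text.
            has_expr = any(isinstance(v, ast.FormattedValue) for v in node.values)
            if has_expr and _is_sql(node.values[0]):
                findings.append((node.lineno, "f-string"))
        elif isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
            # "..." % value; a %s placeholder passed to execute() is not a BinOp.
            if _is_sql(node.left):
                findings.append((node.lineno, "%-format"))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr == "format" and _is_sql(node.func.value)):
            findings.append((node.lineno, "str.format"))
    return sorted(findings)

if __name__ == "__main__":
    for line, kind in find_interpolated_sql(SAMPLE):
        print(f"line {line}: SQL built with {kind}; use placeholders instead")
```

The check only sees string literals that begin with SQL text, so a query assembled by concatenation or one that starts with an interpolated value is not reported.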

Integration with real database

Integration with a real database is available and is controlled through VS Code options:

{
    "inlineSQL.enableDBIntegration": true,
    "inlineSQL.dbDriver": "postgres",
    "inlineSQL.dbHost": "localhost",
    "inlineSQL.dbPort": 5432,
    "inlineSQL.dbUser": "postgres",
    "inlineSQL.dbPassword": "postgres"
}

Examples

[Screenshots: Python, JavaScript/TypeScript, Go, Ruby, Java]

Limitations

Semantic highlighting

Highlighting does not work with semantic token highlighting enabled (feature provided by some LSP servers).

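Currently, gopls semantic token highlighting (option gopls.ui.semanticTokens, off by default) overrides the extension's syntax highlighting. The settings below keep each language server's semantic highlighting from overriding inline SQL strings.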

gopls

{
    "gopls.ui.semanticTokens": false
}

rust-analyzer

{
    "rust-analyzer.highlighting.strings": false
}

C#

{
    "csharp.semanticHighlighting.enabled": false
}

Motivation

This small extension is meant to help those who don't use an ORM and don't like SQL builders such as squirrel, but still want the inline SQL in their code to be something more than magic strings. It helps catch small bugs and typos almost instantly.

Related