Also available in Open VSX Registry
Highlight and lint inline SQL strings. Supported languages are Python, Go, JavaScript, TypeScript, Ruby, Java, C#, Rust, PHP, Lua.
Syntax highlighting works for strings starting with --sql or any of the keywords SELECT, INSERT, INTO, DELETE, UPDATE, CREATE TABLE.
Also works with ES6 Template Strings:
const query = sql`
select * from book;
`;
Linting and diagnostics are powered entirely by the awesome joereynolds/sql-lint and work for multiline strings that start with either `--sql (backtick followed by --sql), "--sql or """--sql.
jwhitaker-swiftnav |
Connor Bren |
Ferenc Tamás |
Gunnar Sv Sigurbjörnsson |
Jon Wolfe |
Titouan CREACH |
The proper way to sanitize data for insertion into your database is to use placeholders for all variables to be inserted into your SQL strings. In other words, NEVER do this (Python example):
query = f"INSERT INTO foo (bar, baz) VALUES ( {variable1}, {variable2} )";
Instead, use $ placeholders (or ? in some databases):
query = "INSERT INTO foo (bar, baz) VALUES ( $1, $2 )";
And then pass the variables to be replaced when you execute the query. For example with pgx (Go example):
err = conn.QueryRow(
    context.Background(),
    "select name, weight from widgets where id=$1",
    42,
).Scan(&name, &weight)
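The two patterns above, run side by side against an in-memory SQLite database (which uses ? placeholders). This is an added example, not code from the extension or its README; the helper names and sample values are constructed for illustration.

```python
import sqlite3


def make_db():
    """Fresh in-memory database with the foo table used in the text above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""--sql
        CREATE TABLE foo (bar TEXT, baz TEXT)
    """)
    return conn


def insert_interpolated(conn, bar, baz):
    # The pattern to avoid: the values are pasted into the SQL text,
    # so the database parses them as part of the statement.
    conn.execute(f"""--sql
        INSERT INTO foo (bar, baz) VALUES ('{bar}', '{baz}')
    """)


def insert_with_placeholders(conn, bar, baz):
    # The statement text is constant; values travel separately as parameters.
    conn.execute("""--sql
        INSERT INTO foo (bar, baz) VALUES (?, ?)
    """, (bar, baz))


def compare(bar, baz):
    """Insert the same pair both ways; return what each approach stored."""
    out = {}
    for name, insert in (("interpolated", insert_interpolated),
                         ("placeholders", insert_with_placeholders)):
        conn = make_db()
        try:
            insert(conn, bar, baz)
            out[name] = conn.execute("SELECT bar, baz FROM foo ORDER BY rowid").fetchall()
        except sqlite3.OperationalError as exc:
            out[name] = f"error: {exc}"
        finally:
            conn.close()
    return out


if __name__ == "__main__":
    # Constructed sample values: plain, containing a quote, shaped like SQL.
    for pair in [("a", "b"), ("O'Brien", "z"), ("a", "x'), ('extra', 'row")]:
        print(pair, compare(*pair))
```

With placeholders every value is stored exactly as given; with interpolation the quoted value fails to parse and the SQL-shaped value changes how many rows the statement inserts.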
Integration with a real database is available and is controlled through VS Code options:
{
  "inlineSQL.enableDBIntegration": true,
  "inlineSQL.dbDriver": "postgres",
  "inlineSQL.dbHost": "localhost",
  "inlineSQL.dbPort": 5432,
  "inlineSQL.dbUser": "postgres",
  "inlineSQL.dbPassword": "postgres"
}
Python | JavaScript/TypeScript |
Ruby | Java |
Highlighting does not work with semantic token highlighting enabled (a feature provided by some LSP servers).
Currently gopls semantic token highlighting (option gopls.ui.semanticTokens, off by default) overrides the extension's syntax.
{
  "gopls.ui.semanticTokens": false
}
{
  "rust-analyzer.highlighting.strings": false
}
C#
{
  "csharp.semanticHighlighting.enabled": false
}
This small extension is meant to help those who don't use an ORM and don't like SQL builders like squirrel, but still want the inline SQL in their code to be something more than magic strings, helping to catch small bugs and typos almost instantly.