Does this module uses prepared statements or parameterized queries with postgres

felixfbecker / node-sql-template-strings

ES6 tagged template strings for prepared SQL statements 📋

ISC License

610 stars 40 forks source link

Does this module uses prepared statements or parameterized queries with postgres #15

Closed abenhamdine closed 8 years ago

abenhamdine commented 8 years ago

Hi and lot of thx for this great little module :+1:

Just a question : i want to be sure to understand how this module works with pg. By default, does it execute a parameterized query or a prepared statement ?

Per docs, I understand that it's only when .setName()is used that a prepared statement is executed. Is it correct ?

Thx.

felixfbecker commented 8 years ago

Yes, it will do a parameterized query by default.

// parameterized
SQL`SELECT x FROM y WHERE z = ${123}` 
{text: 'SELECT x FROM y WHERE z = $1', values: [123]}

// prepared
SQL`SELECT x FROM y WHERE z = ${123}`.setName('my_query')
{text: 'SELECT x FROM y WHERE z = $1', values: [123], name: 'my_query'}

See the pg docs: https://github.com/brianc/node-postgres/wiki/Prepared-Statements

abenhamdine commented 8 years ago

Ah great. Thx a lot for your response !

nightpool commented 5 years ago

Hey, can you update the README to reflect this? The current text is very confusing:

Postgres requires prepared statements to be named, otherwise the parameters will be escaped and replaced on the client side

Postgres parameterized queries are not "replaced on the client side"

felixfbecker commented 5 years ago

PR welcome.