jodersky / simplesql

A no-frills SQL library for Scala 3
BSD 3-Clause "New" or "Revised" License

Dynamic SQL where parameters aren't supported #7

Open a01fe opened 1 week ago

a01fe commented 1 week ago

Is there an escape hatch to run dynamic SQL in situations where SQL parameters aren't supported? For example, this doesn't work:

val url = "jdbc:oracle:thin:@//db.example.com:1521/MYDB"
val ds = simplesql.DataSource.pooled(url, "user", "pass")

def unlock(u: String): Unit =
  ds.run:
    sql"alter user \"$u\" account unlock".write()

unlock("SOMEUSER")

jodersky commented 1 week ago

I'm not sure what you mean by dynamic SQL.

Under the hood, any parameter to the sql interpolator will be replaced with a '?' in the query string, and a matching JDBC parameter will be set. I guess you could create the string manually, but that seems like a recipe for injection attacks.
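
An added example, not part of the thread and not simplesql's own code: one way to build a statement whose identifier cannot be a JDBC parameter without opening the injection path mentioned above. It assumes the caller already holds a plain `java.sql.Connection`; `SafeIdent`, `unlockUser` and the naming pattern are hypothetical, and the lookup uses Oracle's `all_users` dictionary view.

```scala
import java.sql.Connection

// Added example. SafeIdent and unlockUser are hypothetical names, not simplesql API.
object SafeIdent:
  // Assumed naming policy: upper-case letters, digits, _ $ #, at most 30 chars.
  // Anything else (quotes, spaces, semicolons) is rejected, never escaped.
  private val Pattern = "^[A-Z][A-Z0-9_$#]{0,29}$".r

  def validate(name: String): Either[String, String] =
    if Pattern.matches(name) then Right(name)
    else Left(s"rejected identifier of length ${name.length}")

// An identifier cannot be a JDBC parameter, so it is checked twice before it
// is concatenated: by syntax, then by a lookup that does use a bound '?'.
def unlockUser(conn: Connection, requested: String): Either[String, Unit] =
  SafeIdent.validate(requested).flatMap: name =>
    val lookup = conn.prepareStatement("select 1 from all_users where username = ?")
    try
      lookup.setString(1, name)
      if !lookup.executeQuery().next() then Left("no such user")
      else
        val ddl = conn.createStatement()
        try
          ddl.execute(s"""alter user "$name" account unlock""")
          Right(())
        finally ddl.close()
    finally lookup.close()

// Constructed inputs showing what the syntactic gate accepts and rejects.
@main def demo(): Unit =
  for candidate <- List("SOMEUSER", "someuser", "SOME USER", "A\"B") do
    println(s"$candidate -> ${SafeIdent.validate(candidate)}")
```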