Closed EvanGrillo closed 2 years ago
You can bind data, but not the text of the SQL statement, so you will have to dynamically (and carefully - watch out for SQL Injection issues) concatenate text to create the SQL statement, and only use bind variables for data. See Binding Column and Table Names in Queries. The documentation Binding Multiple Values to a SQL WHERE IN Clause has a technique for constructing SQL statements that contain bind variables. You can combine the techniques from both sections to achieve your goal.
Thanks for your help. So with guards and bind handling aside, a simple implementation may look like:
connection.executeMany(
‘
INSERT INTO table_name (${Object.keys(payload)})
VALUES (${Object.keys(payload).map((i) => i = `:${i}`)})
`,
[Object.values(payload)]
)
Thanks for sharing!
This could be related to a bug, feature request, or misunderstanding of documentation in #bind section.
Each column in the table is nullable
Ideally, we can target columns based on payload:
Use Object.keys() & Object.values() to
What's the correct way to dynamically create binding params for both columns and values?