Fragments

[JAForbes]

Just logging that we should tackle this near term.

Quick summary, fragments are hashed sub expressions that can be combined dynamically but only within the query they were referenced by in the original source.

This allows you to have dynamic queries / server side code without giving a potential attacker the building blocks to build any query they want.

[porsager]

As we discussed some time ago now, I'd like fragments to be no different than the query itself. I've taken that approach for the dynamic query building in Postgres.js v3 and I'd like to apply the same to HashQL. I think there's a good chance I'll get to tackle this in the near future..