Ability to daisy chain queries - To allow minimal `raw` queries within the daisy chain via `.raw()` - e.g. GIS Support

[un33k]

Problem

Ability to use raw SQL in conjunction with prisma-ified queries. I am currently investigation a transition to Typescript/Prisma, from (Python/Django), and what I miss in Prisma is ...

A Query builder utility function to formulate, chain queries, knowing that they are escaped properly, before handing it over to prisma service.

A simple GIS query should not be an all-or-none deal, "raw everything if you want GIS". Staying away from raw queries as much as possible is beneficial to the ultimate security of the application. (hint: SQL injections)

Suggested solution

How about the ability of daisy chain queries?

this.prisma.user.findMany({ where: { name: 'Mike'} }).raw('some-minimal-gis-query').orderBy('some-fields');

Alternatives

No Prisma alternative is available at this moment, except staying with raw SQL, fully. But that is very undesirable. Statistically, only ~10% of the sites deploy GIS capabilities, and that may not be a compelling reason for native GIS support, but those 10% provide 90% of the security tools for other services.

Additional context

All or none queries are bound to introduce parameterized queries (below) that are vulnerable to injection attack, as escaping might not be possible.

'"SELECT * FROM myapp_person WHERE last_name = '%s'"

And if for GIS, the full query needs to be in raw format, then, the probability of parameterized queries will be very high, and the risk will be high as well.

[janpio]

Is your request effectively covered by https://github.com/prisma/prisma/issues/5560 @un33k? Or do you see other cases besides the where that you would want to use via your suggested API?