Using this with .toString() works fine, but as the docs point out, this string shouldn't be used to execute queries as the values are not properly escaped. When using .toParams(), the result is close, but the indexes in the statement are incorrectly numbered. Here's the output:
{
text: 'SELECT * FROM "user" INNER JOIN comments ON comment.user_id = "user".id WHERE "user".id = $1 AND comment.published = $2 AND "user".active = $4 ORDER BY comment.created_at',
values: [ 1, true, true ]
}
Note that the indexes are $1, $2, and $4, and there is no $3. As a result, when passing the text and values into the pg client, you get an error. It only seems to happen if you call .where(...) after you call .where(sql(...)), and it keeps getting worse if you have multiple .where(sql(...)) calls.
I ran in to an issue when using multiple
.where(...)methods with nestedsql(...)methods. Here's a pretty simple example:Using this with
.toString()works fine, but as the docs point out, this string shouldn't be used to execute queries as the values are not properly escaped. When using.toParams(), the result is close, but the indexes in the statement are incorrectly numbered. Here's the output:Note that the indexes are
$1,$2, and$4, and there is no$3. As a result, when passing the text and values into the pg client, you get an error. It only seems to happen if you call.where(...)after you call.where(sql(...)), and it keeps getting worse if you have multiple.where(sql(...))calls.