Closed ynnob closed 1 year ago
I found the error for my QueryParams request. Single quotes have to be used like -> where: 'email=\'test@test.de\'', But still I think this is a risky way of reading the data. Isn't SQL injection a thing here that could be avoided by using command params to replace "?"?
@ynnob I added a values property to QueryParams to set custom query parameters.
You can now do:
```dart
// Check if user already exists
final matchingUser = (await db.users.queryUsers(const QueryParams(
  where: 'email=@email',
  values: {'email': 'test@test.de'},
)));
```
Documentation is another big topic that I have to work on. I'm happy to accept PRs if you want to help.
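The difference between the two `where` forms in this thread, shown as an added example that is not part of the thread or of stormberry's code. It uses Python's `sqlite3` with SQLite's `:email` placeholder as a stand-in for the `@email` form above; the table, the function names and all inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with two constructed users (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users (email) VALUES (?)",
                   [("test@test.de",), ("admin@test.de",)])
    return db


def find_user_concat(db, email):
    """Quoted-literal form: the value becomes part of the WHERE text itself."""
    where = "email='" + email + "'"
    sql = "SELECT email FROM users WHERE " + where + " ORDER BY id"
    return db.execute(sql).fetchall()


def find_user_bound(db, email):
    """Parameter form: the WHERE text is constant, the value is sent separately."""
    where = "email=:email"
    sql = "SELECT email FROM users WHERE " + where + " ORDER BY id"
    return db.execute(sql, {"email": email}).fetchall()


# Constructed inputs: a normal address, one that closes the quote early,
# and a legitimate-looking address that merely contains an apostrophe.
NORMAL = "test@test.de"
QUOTE_BREAKING = "nobody@test.de' OR '1'='1"
APOSTROPHE = "o'brien@test.de"

if __name__ == "__main__":
    db = make_db()
    for value in (NORMAL, QUOTE_BREAKING, APOSTROPHE):
        try:
            concat = find_user_concat(db, value)
        except sqlite3.OperationalError as exc:
            concat = "error: %s" % exc
        print(repr(value))
        print("  concatenated:", concat)
        print("  bound:       ", find_user_bound(db, value))
```

With bound values the quote-breaking input matches no row and the apostrophe input is an ordinary lookup; with concatenation the first returns every user and the second fails to parse.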
Hey,
QueryParams
I can't get the query with QueryParams to work and your documentation doesn't mention them. Also I guess they offer some risk for SQL injections?
Here is an example of what I expected to work:
Error: (Column »test@test.de« doesn't exist)
custom query
I think it would be awesome if you would add a minimalistic example to the documentation where you explain about Queries (https://pub.dev/packages/stormberry#queries)
Thanks!