
Recommendation: use template literals


Node.js has node-sql-template-strings package, why can’t we have this?

Example:

// mysql:
mysql.query('SELECT author FROM books WHERE name = ? AND author = ?', [book, author])
// is equivalent to
mysql.query(SQL`SELECT author FROM books WHERE name = ${book} AND author = ${author}`)

Links: https://github.com/felixfbecker/node-sql-template-strings https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals


Top GitHub Comments

3 reactions
invisal commented, Aug 14, 2020

I am a bit skeptical about this feature. A user can easily make a mistake. For example:

mysql.query(SQL`SELECT author FROM books WHERE name = ${book} AND author = ${author}`);
// If the user mistypes and forgets to insert SQL, it will silently go through without any warning.
mysql.query(`SELECT author FROM books WHERE name = ${book} AND author = ${author}`);

A user can easily forget to put SQL in front of the query, and there is no way for us to provide a warning to the user. This is vulnerable to SQL injection.

I think we should just go with named placeholders instead. It is harder for the user to make a mistake:

mysql.query('SELECT author FROM books WHERE name = :book AND author = :author', { book, author })
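The two query styles discussed in this thread, as an added example that is not part of the issue or of the mysql driver: an `SQL` tag that moves every interpolated value into a parameter array, a `named()` helper that rewrites `:name` placeholders to positional ones, and a hypothetical `prepare()` guard that rejects a plain string, so a forgotten tag fails loudly instead of interpolating user input into the statement.

```javascript
// Added example, not code from the issue or the mysql driver.
// The `prepare()` guard and the SQL_QUERY brand are assumptions made here
// to show how a driver could refuse untagged template literals.

const SQL_QUERY = Symbol('sql-query');

// Tag function: the literal parts become the statement text and every
// interpolated value goes into `values`. Values never touch the SQL text.
function SQL(strings, ...values) {
  const text = strings.reduce((acc, part) => acc + '?' + part);
  return { [SQL_QUERY]: true, text, values };
}

// Named placeholders (:book, :author) rewritten to positional ones, with the
// values taken from `params` in the order the placeholders appear.
// Caveat: the regex also matches ":word" inside quoted literals and the
// Postgres "::type" cast, so a real implementation needs a SQL-aware scanner.
function named(text, params) {
  const values = [];
  const rewritten = text.replace(/:(\w+)/g, (_, name) => {
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      throw new Error(`missing parameter ${name}`);
    }
    values.push(params[name]);
    return '?';
  });
  return { [SQL_QUERY]: true, text: rewritten, values };
}

// Hypothetical driver-side guard: only branded query objects are accepted.
// An untagged template literal is just a string, so the mistake invisal
// describes above is caught here rather than sent to the database.
function prepare(query) {
  if (typeof query === 'string' || !query || !query[SQL_QUERY]) {
    throw new TypeError('query must be built with SQL`...` or named()');
  }
  return { text: query.text, values: query.values };
}

module.exports = { SQL, named, prepare, SQL_QUERY };
```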

0 reactions
algj commented, Jun 18, 2020

May I ask what the difference is between $$ (??) and $ (?)? Or are you trying to keep consistency with the original style? I also don't get the original ?? though.

I assume ?? is used for fields, table names and other things that don't need to be in "quotes". ? may be used for text.

Example, if you were to replace everything:

SELECT id, author, releaseDate FROM books WHERE title="Harry Potter"
SELECT ??, ??, ?? FROM ?? WHERE ??=?

Anyway, you've done a good job.

Thanks
