sql escaping on where

Trying to do the following:
where: sql`unaccent(${users.fullName}) ILIKE unaccent('%${input.query}%')`,
But it breaks on the second unaccent with "could not determine data type of parameter $1". What am I missing? 🤔
2 Replies
.deini (OP) • 2y ago
I "solved" it by using:
where: sql.raw(`unaccent(full_name) ILIKE unaccent('%${input.query}%')`)
A bit worried about using raw. Now using:
sql`unaccent(${users.fullName}) ILIKE unaccent('%${sql.raw(input.query)}%')`
Suji • 17mo ago
Ran into a similar issue where I'm conditionally building the where clause:
where.push( sql`CONCAT(${users.firstName},' ', ${users.lastName}) ILIKE '%${name}%'`, );
This throws a bind message error. You can build the string like this, where you're adding the % within the interpolation:
sql`CONCAT(${users.firstName},' ', ${users.lastName}) ILIKE ${'%' + pageOptionsDto.name + '%'}`
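Why the quoted form fails and the last reply's form works, as an added example that is not part of the original thread: a value interpolated inside '...' becomes a placeholder inside a string literal, so PostgreSQL receives a bound value but sees no parameter to attach it to, while sql.raw avoids the error only by splicing the input into the SQL text. `pg`, `containsPattern` and `visiblePlaceholders` are hypothetical names; `pg` is a minimal stand-in for a parameterizing template tag, not drizzle's `sql`, and the example goes slightly beyond the thread by also escaping LIKE wildcards in the input.

```javascript
// Added example. `pg` is a hypothetical, minimal stand-in for a
// parameterizing tagged template (NOT drizzle's `sql`), so this runs offline.
function pg(strings, ...values) {
  let text = strings[0];
  const params = [];
  values.forEach((v, i) => {
    params.push(v);
    text += `$${params.length}` + strings[i + 1];
  });
  return { text, params };
}

// Escape LIKE/ILIKE metacharacters so user input matches literally, then
// wrap it in wildcards. Backslash is PostgreSQL's default LIKE escape.
function containsPattern(input) {
  return "%" + String(input).replace(/[\\%_]/g, (c) => "\\" + c) + "%";
}

// Count the placeholders PostgreSQL would actually see: a $n inside a
// single-quoted literal is plain text, not a parameter reference.
function visiblePlaceholders(text) {
  const outsideLiterals = text.replace(/'(?:[^']|'')*'/g, "''");
  return (outsideLiterals.match(/\$\d+/g) || []).length;
}

const query = "50%_off"; // constructed sample input

// Form from the question: the placeholder lands inside the quotes.
const broken = pg`unaccent(full_name) ILIKE unaccent('%${query}%')`;
// Form from the last reply, plus wildcard escaping: one whole bound value.
const fixed = pg`unaccent(full_name) ILIKE unaccent(${containsPattern(query)})`;

// broken: 0 visible placeholders but 1 bound value -> server-side error.
console.log(broken.text, visiblePlaceholders(broken.text), broken.params.length);
// fixed: 1 visible placeholder, 1 bound value; input never enters the SQL text.
console.log(fixed.text, visiblePlaceholders(fixed.text), fixed.params);
```

With drizzle the same shape is the last reply's `ILIKE ${...}` form, with the whole pattern string passed as the interpolated value.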