TTC
Theo's Typesafe Cult2y ago
Sturlen

Should you validate the output of DB query?

I know user input should always be validated before being stored in a DB, but what about query results? should they also be validated with zod or in a tRPC output function? interested to know if anyone has any thoughts on this.
Solution:
I personally wouldn't bother with it unless I'm transforming it further but if you want to do it you can either manually schema.parse in the body or rely on the .output property of the procedure to ensure its what you want
Jump to solution
2 Replies
Neto
Neto2y ago
trpc allows you to validate the output
Solution
Keef
Keef2y ago
I personally wouldn't bother with it unless I'm transforming it further but if you want to do it you can either manually schema.parse in the body or rely on the .output property of the procedure to ensure its what you want

Did you find this page helpful?