bluesky Posts - Answer Overflow

bluesky

•Created by bluesky on 10/10/2023 in #help

Is ilike vulnerable to SQL injections?

Modified from the post: https://orm.drizzle.team/docs/operators#ilike See code below:

import { ilike } from "drizzle-orm";

const userInput = "asdf";
db.select().from(table).where(ilike(table.column, `%${userInput}%`));

import { ilike } from "drizzle-orm";

const userInput = "asdf";
db.select().from(table).where(ilike(table.column, `%${userInput}%`));

4 replies

DTDrizzle Team

•Created by bluesky on 10/2/2023 in #help

Creating composite types in PostgreSQL

Hi, I'm curious how I could recreate the following code using drizzle.

-- composite type
CREATE TYPE author AS (
    name text,
    role text
);

CREATE TABLE books (
    book_id serial PRIMARY KEY,
    title text,
    authors author[]
);

-- composite type
CREATE TYPE author AS (
    name text,
    role text
);

CREATE TABLE books (
    book_id serial PRIMARY KEY,
    title text,
    authors author[]
);

Is it simply

type Author = {
    name: string;
    role: string;
};

const books = pgTable('books', {
    bookId: serial('book_id').primaryKey(),
    title: text('title'),
    authors: text('authors').array().$type<Author>(),
});

type Author = {
    name: string;
    role: string;
};

const books = pgTable('books', {
    bookId: serial('book_id').primaryKey(),
    title: text('title'),
    authors: text('authors').array().$type<Author>(),
});

Because I ran \dT and it didn't show a custom type for the Author in postgres

9 replies

Gaming

Programming