bluesky
bluesky
DTDrizzle Team
Created by bluesky on 10/10/2023 in #help
Is ilike vulnerable to SQL injections?
Modified from the post: https://orm.drizzle.team/docs/operators#ilike See code below:
import { ilike } from "drizzle-orm";

const userInput = "asdf";
db.select().from(table).where(ilike(table.column, `%${userInput}%`));
import { ilike } from "drizzle-orm";

const userInput = "asdf";
db.select().from(table).where(ilike(table.column, `%${userInput}%`));
4 replies
DTDrizzle Team
Created by bluesky on 10/2/2023 in #help
Creating composite types in PostgreSQL
Hi, I'm curious how I could recreate the following code using drizzle.
-- composite type
CREATE TYPE author AS (
name text,
role text
);

CREATE TABLE books (
book_id serial PRIMARY KEY,
title text,
authors author[]
);
-- composite type
CREATE TYPE author AS (
name text,
role text
);

CREATE TABLE books (
book_id serial PRIMARY KEY,
title text,
authors author[]
);
Is it simply
type Author = {
name: string;
role: string;
};

const books = pgTable('books', {
bookId: serial('book_id').primaryKey(),
title: text('title'),
authors: text('authors').array().$type<Author>(),
});
type Author = {
name: string;
role: string;
};

const books = pgTable('books', {
bookId: serial('book_id').primaryKey(),
title: text('title'),
authors: text('authors').array().$type<Author>(),
});
Because I ran \dT and it didn't show a custom type for the Author in postgres
9 replies