Theo Gravity
How to translate the WITH keyword in postgres when SELECT does not have FROM?
Linking the github issue thread so it can be traced: https://github.com/kysely-org/kysely/issues/517
9 replies
Using Postgres function in an insert with a field as a select
This works, but it's not ideal as sql.lit says it's susceptible to SQL injection. Is there a version that I can use that would be safe (e.g. parameter binding)? The document.text_content variable would come from user input, and the contents of that variable are whatever they wrote. We may or may not have sanitized it by the time it gets called here.
20 replies
Using Postgres function in an insert with a field as a select
Thanks! In my translation, I'm not using NEW (trying to translate out of triggers / pg functions), and have document instead as the object with the values. So would it be sql.lit(document.text_content)?
20 replies