Support for client side parameter interpolation
mattrobenolt opened this issue · 0 comments
mattrobenolt commented
It'd be expected to support a syntax like:
client.execute("select * from foo where id = ?", [1])
Where they can safely pass a list of parameters into their query instead of needing to do their own escaping or using prepared statements. This is a common pattern across drivers to allow client side interpolation, and in our case, this would be highly preferred over preparing statements.
For JavaScript, we came across sqlstring, which supports the same API as well as some other goodies. We should leverage this automatically internally. If parameters are passed, run it through SqlString.format(...)
.
It's worth noting that SqlString comes from mysqljs
ecosystem, and is used within the mysqljs/mysql
driver.