SQL Template Tag
ES2015 tagged template string for preparing SQL statements, works with
pg
andmysql
.
Installation
npm install sql-template-tag --save
Usage
import sql, { empty, join, raw } from "sql-template-tag";
const query = sql`SELECT * FROM books WHERE id = ${id}`;
query.sql; //=> "SELECT * FROM books WHERE id = ?"
query.text; //=> "SELECT * FROM books WHERE id = $1"
query.values; //=> [id]
pg.query(query); // Uses `text` and `values`.
mysql.query(query); // Uses `sql` and `values`.
// Embed SQL instances inside SQL instances.
const nested = sql`SELECT id FROM authors WHERE name = ${"Blake"}`;
const query = sql`SELECT * FROM books WHERE author_id IN (${nested})`;
// Join and "empty" helpers (useful for nested queries).
sql`SELECT * FROM books ${hasIds ? sql`WHERE ids IN (${join(ids)})` : empty}`;
Join
Accepts an array of values and returns a SQL instance with the values joined by the separator. E.g.
const query = join([1, 2, 3]);
query.sql; //=> "?, ?, ?"
query.values; //=> [1, 2, 3]
Raw
Accepts a string and returns a SQL instance, useful if you want some part of the SQL to be dynamic.
raw("SELECT"); // == sql`SELECT`
Do not accept user input to raw
, this will create a SQL injection vulnerability.
Empty
Simple placeholder value for an empty SQL string. Equivalent to raw("")
.
Related
Some other modules exist that do something similar:
sql-template-strings
: promotes mutation via chained methods and lacks nesting SQL statements. The idea to supportsql
andtext
properties for dualmysql
andpg
compatibility came from here.pg-template-tag
: missing TypeScript and MySQL support. This is the API I envisioned before writing this library, and by supportingpg
only it has the ability to dedupevalues
.
License
MIT