From 4756a8b7433c962bc3bd61c262ef971c0d86facf Mon Sep 17 00:00:00 2001 From: DJ Adams Date: Fri, 12 Jul 2024 12:09:41 +0100 Subject: [PATCH 1/3] Fix element reference in CQN example on avoiding SQL injection Pretty sure this should be `ID` not `title`, right? --- node.js/cds-ql.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node.js/cds-ql.md b/node.js/cds-ql.md index 1f6064353..d3850017d 100644 --- a/node.js/cds-ql.md +++ b/node.js/cds-ql.md @@ -149,7 +149,7 @@ The query is... 1. captured as a CQN object with the where clause represented as: ```js -..., where:[ {ref:['title']}, '=', {val:201} ] +..., where:[ {ref:['ID']}, '=', {val:201} ] ``` 2. translated to plain SQL string with binding parameters From 0491e82cbe0c98b00b971b56b10dca45bd160e49 Mon Sep 17 00:00:00 2001 From: DJ Adams Date: Fri, 12 Jul 2024 12:12:53 +0100 Subject: [PATCH 2/3] Super minor lang fix As I have a PR open I may as well make a super minor fix too. --- node.js/cds-ql.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node.js/cds-ql.md b/node.js/cds-ql.md index d3850017d..6fbceb5d2 100644 --- a/node.js/cds-ql.md +++ b/node.js/cds-ql.md @@ -162,7 +162,7 @@ SELECT ID from Books where ID=? dbc.run (sql, [201]) ``` -The only mistake you could do is to imperatively concatenate user input with CQL or SQL fragments, instead of using the tagged strings or other options promoted by `cds.ql`. For example, assumed you had written the above code sample like that: +The only mistake you could make is to imperatively concatenate user input with CQL or SQL fragments, instead of using the tagged strings or other options promoted by `cds.ql`. For example, assumed you had written the above code sample like that: ```js let input = 201 //> might be entered by end users From 1917ee7bd46c43cb1feb21d9f659bf8e4593c11f Mon Sep 17 00:00:00 2001 
From: DJ Adams Date: Fri, 12 Jul 2024 14:01:56 +0100 Subject: [PATCH 3/3] another minor fix colums -> columns --- node.js/cds-ql.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/node.js/cds-ql.md b/node.js/cds-ql.md index 6fbceb5d2..6ab9b9dc4 100644 --- a/node.js/cds-ql.md +++ b/node.js/cds-ql.md @@ -326,10 +326,10 @@ SELECT.distinct.from (Authors) ### columns() {.method} ```tsx -function SELECT.colums ( projection : function ) -function SELECT.colums ( cql : tagged template string ) -function SELECT.colums ( columns[] : CQL expr string | CQN expr object ) -function SELECT.colums ( ...columns[] : CQL expr string | CQN expr object ) +function SELECT.columns ( projection : function ) +function SELECT.columns ( cql : tagged template string ) +function SELECT.columns ( columns[] : CQL expr string | CQN expr object ) +function SELECT.columns ( ...columns[] : CQL expr string | CQN expr object ) ``` Specifies which columns to be fetched, very much like SQL select clauses, enhanced by [CQL](../cds/cql) projections and path expressions. The arguments can be a projection function, a tagged template string, or individual column expressions as CQL string snippets, or as [CQN column expression objects](../cds/cqn.md#select).
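Review bot: On the first hunk (`where:[ {ref:['ID']}, '=', {val:201} ]`), the commit message asks for confirmation; the translated SQL shown in the second hunk's context, `SELECT ID from Books where ID=?` bound with `[201]`, already compares `ID`, so the CQN `ref` must be `ID` for the example to be consistent, and the question mark in the commit message can be dropped. It is also worth keeping the `{val:201}` form exactly as written, since the point of the passage is that the user-supplied value travels as a bound parameter rather than being spliced into the statement text.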
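Review bot: The second hunk fixes "mistake you could do" to "make", but the rest of the same line still reads "For example, assumed you had written the above code sample like that:", which has the same kind of slip; suggest "For example, assume you had written the code sample above like this:" so the whole sentence is corrected in one change.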
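Review bot: The third hunk brings the four `function SELECT.columns (...)` signatures in line with the `### columns() {.method}` heading above them, which is the right fix; while touching this block, the trailing context line "Specifies which columns to be fetched, very much like SQL select clauses" would read better as "Specifies which columns to fetch, very much like SQL select clauses".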