feat(core): require explicitly marked raw queries via raw() helper
#4197
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## v6 #4197 +/- ##
==========================================
- Coverage 99.52% 99.46% -0.06%
==========================================
Files 218 219 +1
Lines 14258 14311 +53
Branches 3260 3269 +9
==========================================
+ Hits 14190 14235 +45
- Misses 67 74 +7
- Partials 1 2 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
B4nan
force-pushed
the
force-raw
branch
2 times, most recently
from
3244f2f
to
d52416e
Compare
B4nan
added a commit
that referenced
this pull request
Apr 7, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Apr 10, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Apr 12, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Apr 26, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
jsprw
pushed a commit
to jsprw/mikro-orm-full-text-operators
that referenced
this pull request
May 7, 2023
…ikro-orm#4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
May 14, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
May 14, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
May 24, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
May 26, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Jun 11, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Sep 10, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Sep 20, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Sep 24, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Sep 30, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Oct 2, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Oct 17, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Oct 21, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Oct 25, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Nov 2, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
B4nan
added a commit
that referenced
this pull request
Nov 5, 2023
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Improves the new
raw()helper that now replaces the removedexpr()helper. Also adds newsqlhelper that allows to work withrawas with tagged template function.The
raw()helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection.This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by
RawQueryFragmentclass instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments.The
rawhelper supports several signatures, you can pass in a callback that receives the current property alias:You can also use the
sqltagged template function, which works the same, but supports only the simple string signature:When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage.