New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(core): require explicitly marked raw queries via raw()
helper
#4197
Conversation
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## v6 #4197 +/- ##
==========================================
- Coverage 99.52% 99.46% -0.06%
==========================================
Files 218 219 +1
Lines 14258 14311 +53
Branches 3260 3269 +9
==========================================
+ Hits 14190 14235 +45
- Misses 67 74 +7
- Partials 1 2 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
3244f2f
to
d52416e
Compare
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…ikro-orm#4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
…4197) Improves the new `raw()` helper that now replaces the removed `expr()` helper. Also adds new `sql` helper that allows to work with `raw` as with tagged template function. The `raw()` helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection. This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by `RawQueryFragment` class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments. > **`raw()` helper is required since v6 to use a raw fragment in your query, both through EntityManager and QueryBuilder.** ```ts // as a value await em.find(User, { time: raw('now()') }); // as a key await em.find(User, { [raw('lower(name)')]: name.toLowerCase() }); // value can be empty array await em.find(User, { [raw('(select 1 = 1)')]: [] }); ``` The `raw` helper supports several signatures, you can pass in a callback that receives the current property alias: ```ts await em.find(User, { [raw(alias => `lower(${alias}.name)`)]: name.toLowerCase() }); ``` You can also use the `sql` tagged template function, which works the same, but supports only the simple string signature: ```ts await em.find(User, { [sql`lower(name)`]: name.toLowerCase() }); ``` When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage. ```ts @filter({ name: 'long', cond: () => ({ [raw('length(perex)')]: { $gt: 10000 } }) }) ```
Improves the new
raw()
helper that now replaces the removedexpr()
helper. Also adds newsql
helper that allows to work withraw
as with tagged template function.The
raw()
helper is now required to be used for any raw SQL, both with EM and QB, to protect from SQL injection.This raw SQL query fragment that can be assigned to a property or part of a filter. This fragment is represented by
RawQueryFragment
class instance that can be serialized to a string, so it can be used both as an object value and key. When serialized, the fragment key gets cached and only such cached key will be recognized by the ORM. This adds a runtime safety to the raw query fragments.The
raw
helper supports several signatures, you can pass in a callback that receives the current property alias:You can also use the
sql
tagged template function, which works the same, but supports only the simple string signature:When using inside filters, you might have to use a callback signature to create new raw instance for every filter usage.