New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
queryRaw doesn't support dynamic tables names #9765
Comments
Same problem here with Prisma Version 3.3.0 This query working well on Prisma Version 2.23.0: (interpolation operator deleted for git editor)
const transactionsQuery = On 3.3.0 returns: After some tests I discovered that the problem is the empty placeholders, does it seem to write '?' when they are null. |
Hello, You will need to use the following if you want to do dynamic table names and manually write the prepared statement variables: const values = await prisma.$queryRaw(`SELECT type FROM ${collection} WHERE id = $1;`, "my-id"); Please notice that I am calling Also, please avoid using |
@MercurialWeb Please open a new issue and fill out the template so that I can assist you better. |
Your solution doesn't work. |
Is it possible to use a variable for the order direction? I'm trying to do something like this: const order = 'DESC';
await prismaClient.$queryRaw`SELECT user.name FROM user ORDER BY user.name ${order}`; |
If you remove the parens from the function call the type error shouldn't show up anymore. That said, I still got a |
I actually found a solution to this that's slightly safer imo than |
@pantharshit00's solution did not work me unfortunately. I found the solution to my original question. If you first save the query in a variable,
Then evaluating this directly will work, as Prisma won't make any attempt to validate the arguments
Easy way to get SQL injected, but hey at least you can get your queries to work :) |
This is a great and quick fix that actually worked for me: Just wrap your inserted variable with In this context: |
Property 'raw' does not exist on type 'PrismaClient<PrismaClientOptions, never, RejectOnNotFound | RejectPerOperation>'.ts(2339) |
@BlakeBrown there is some rules in queryRow that protect the database so you can use queryRawUnsafe, it will work fine |
What Here is a completely type-safe way to dynamically set table names and column names in your query, assuming that all your table names and columns names are exactly the same both in the schema and in the database (no import { Prisma } from '@prisma/client';
type ModelName = Prisma.ModelName;
type FieldName<T> = string & keyof T;
export const modelName = (model: ModelName) => Prisma.sql([`"${model}"`]);
export const fieldName = <T>(name: FieldName<T>) => Prisma.sql([`"${name}"`]); Then you can do things like this. const User = modelName(Prisma.ModelName.User);
const Post = modelName(Prisma.ModelName.Post);
const Id = columnName<User | Post>("id");
const UserId = columnName<Post>("userId");
const Name = columnName<User>("name");
const Message = columnName<Post>("message");
const userName = "johndoe";
type YourType = {
id: string;
message: string;
author: string;
}
prisma.queryRaw<YourType[]>`
SELECT
${Post}.${Id},
${Post}.${Message},
${User}.${Name} AS "author",
FROM ${Post}
JOIN ${User} ON ${Post}.${UserId} = ${User}.${Id}
WHERE ${User}.${Name} = ${userName};
` |
Bug description
const values = await prisma.$queryRaw`SELECT type FROM ${collection};`;
fails with the errorMessage: `db error: ERROR: syntax error at or near "$1"
However,
const values = await prisma.$queryRawUnsafe(`SELECT type FROM ${collection};`);
works fine.Does anyone know why this occurs? I need to be able to be use the safe version to prevent SQL injection in my app :/
How to reproduce
Raw query a postgres database with a dynamic table name.
Expected behavior
No response
Prisma information
Environment & setup
Prisma Version
The text was updated successfully, but these errors were encountered: