Ignore some rules?

[Asoul]

Hi,

I use pg-promise, and some SQL rules looks like:

db.none(
        'UPDATE users SET "Col1" = ${col1}, ' +
        '                 "Col2" = ${col2}, ' +
        '                 "col3" = ${col3}, ' +
        'WHERE col3 = ${col3}', goodTable)

The function need to pass the string with ${}, and I cannot use `` to quote the string, because these variable is not local variables, they are goodTable's attributes. Therefore, I got prefer-template error from this, can I ignore this warning?

Thanks!

[Asoul]

I cannot google some document about these, maybe there is some configuration in package.json?

like

"standard": {
  "ignoreRules": [
    "prefer-template'
  ]
}

[tunnckoCore]

Or using eslint ignore comments like eslint-disable-line, eslint-disable, eslint-disable-line rule1, rule2. Both block and single line comments work.

/* eslint-disable prefer-template */

db.none(
        'UPDATE users SET "Col1" = ${col1}, ' +
        '                 "Col2" = ${col2}, ' +
        '                 "col3" = ${col3}, ' +
        'WHERE col3 = ${col3}', goodTable)

/* eslint-enable prefer-template */

[Asoul]

Thanks @tunnckoCore, but that's a lots of lines of these query in my codes,
I think it's a little ugly to add lots of lines of eslint-disable,
Is there another options? thanks

[tunnckoCore]

Why lots of lines? If you have more than 2-3-4 rules to ignore for the whole file maybe Standard isn't your thing, don't know. You can define the comment at the top of the file to globally disable these specific rules that you want and it's not needed to re-enable them later.

[Asoul]

Thanks @tunnckoCore, I think I can disable them at the top of file.

[rstacruz]

Might I add it might be a good idea not to ignore standard on this, because this is actually a good candidate for template strings:

import dedent from 'dedent'

db.none(dedent `
  UPDATE users SET
    "Col1" = \${col1},
    "Col2" = \${col2},
    "col3" = \${col3},
    WHERE col3 = \${col3}
`, goodTable)

// dedent is optional, of course

[Asoul]

Thanks @rstacruz, that's more clean and without commented line, I like it

[vitaly-t]

Hi guys, I am the author of pg-promise, and just wanted to point out once again at the flexibility of the formatting syntax when it comes to the use of Named Parameters.

If the ES6 template strings is your preferred way to declare queries, then as per the documentation, you can instead use $/propName/ or $[propName] or $<propName> or $(propName).

But the best way to organize all your SQL is via external SQL files, via Query Files, where you can also use ${propName} syntax safely.

Also see pg-promise-demo for a comprehensive example ;)

[Asoul]

Thanks @vitaly-t,
I think I missed lots of good features of pg-promise, I'll check more demos, Thanks!

[nicholaswmin]

@rstacruz Unrelated but doesn't your proposed template literal syntax introduce a huge SQL injection risk?

[vitaly-t]

@nicholaswmin it doesn't, because all literals are escaped correctly, preventing the injection. For example, every string goes through pgp.as.text for that, and so on, according to the type.