You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
stringified IDs for where-in clause causes a single query plan for each query
Expected Behavior
I would expect that value's injected in the query use query parameters and not use string interpolation. This appears to be the default behavior. However, an exception was added to appease sqlite's lower 1000 parameter limit in #190.
Actual Behavior
String interpolation of query values into the query instead of using query parameters if all IDs are numbers.
Steps to reproduce
Create two related entities, fill each with records and query using relations in query builder or find() and notice that the where includes parameterized and numerical inline arguments.
// fixes #190. if all numbers then its safe to perform query without parameter
condition=`${mainAliasName}.${
metadata.primaryColumns[0].propertyPath
} IN (${ids.join(", ")})`
This is one of the locations where these IDs are injected. Manually setting areAllNumbers to false solves the problem for my use case, however that may not be desired behavior for some users.
Relevant Database Driver(s)
aurora-mysql
aurora-postgres
better-sqlite3
cockroachdb
cordova
expo
mongodb
mysql
nativescript
oracle
postgres
react-native
sap
spanner
sqlite
sqlite-abstract
sqljs
sqlserver
Are you willing to resolve this issue by submitting a Pull Request?
Yes, I have the time, but I don't know how to start. I would need guidance.
The text was updated successfully, but these errors were encountered:
Issue description
stringified IDs for where-in clause causes a single query plan for each query
Expected Behavior
I would expect that value's injected in the query use query parameters and not use string interpolation. This appears to be the default behavior. However, an exception was added to appease sqlite's lower 1000 parameter limit in #190.
Actual Behavior
String interpolation of query values into the query instead of using query parameters if all IDs are numbers.
Steps to reproduce
Create two related entities, fill each with records and query using relations in query builder or find() and notice that the where includes parameterized and numerical inline arguments.
My Environment
Additional Context
typeorm/src/query-builder/SelectQueryBuilder.ts
Lines 3526 to 3533 in e7649d2
This is one of the locations where these IDs are injected. Manually setting areAllNumbers to false solves the problem for my use case, however that may not be desired behavior for some users.
Relevant Database Driver(s)
Are you willing to resolve this issue by submitting a Pull Request?
Yes, I have the time, but I don't know how to start. I would need guidance.
The text was updated successfully, but these errors were encountered: