-
Notifications
You must be signed in to change notification settings - Fork 0
Variables
Nathan Bruer edited this page Oct 10, 2015
·
1 revision
Variables are represented with @ (at sign) followed by numbers and/or characters (must start with character). Then the developer may assign values to the variables and the library will auto-escape and adjust to the data type of the variables. This is a very safe way to inject unsafe to query the database.
#Examples
| JS | Result |
|---|---|
PQL.getSQL({
query: 'id:@order_id',
table: 'order',
variables: {
order_id: 5,
},
}); |
SELECT * FROM "orders" WHERE "orders"."id" = 5 GROUP BY "orders"."id" |
PQL.getSQL({
query: 'id:@unknown_var',
table: 'order',
variables: {
order_id: 5,
},
}); |
SELECT * FROM "orders" WHERE "orders"."id" IS NULL GROUP BY "orders"."id" |
PQL.getSQL({
query: 'id:@order_id',
table: 'order',
variables: {
order_id: 'Uns\"afe\\"D\'At\0a\n',
},
}); |
SELECT * FROM "orders" WHERE "orders"."id" = 'Uns"afe\\"D\'At\0a\n' GROUP BY "orders"."id" |