5

I know about parameterized query, but since I have to programmatically construct the where condition, taking count of the parameters and building the parameters array is a task much more complex than simply calling an escape function when required. So:

is there a parameters escape function in node-postgres?

Daniele Ricci
  • 15,422
  • 1
  • 27
  • 55
  • Constructing a values array dynamically isn't that hard. Or consider using an ORM that does this for you? – Bergi Jan 02 '22 at 14:02

1 Answers1

8

Yes, since this PR there are client.escapeIdentifier and client.escapeLiteral (sadly still undocumented). However, it is not recommended to use them when you can use parameterised queries, and for dynamic WHERE condition you can easily construct a query object with text and values on the fly.

Bergi
  • 630,263
  • 148
  • 957
  • 1,375
  • `client.escapeLiteral` is the answer I was looking for; the fact it is undocumented makes clear why I wasn't able to find it. Thank you. – Daniele Ricci Jan 02 '22 at 14:16