Escaped paramaters in raw sql
For a few queries I made postgreSQL functions, this is the current way of how I call this function:
only thing I could find on the docs for .val is:
while the others have warnings like:
My question is, is my method of querying the function correct or are there better ways to query those? And are inputs escaped by using .val?
only thing I could find on the docs for .val is:
sql.val(value) is a shortcut for:
sql<ValueType>${value}
while the others have warnings like:
WARNING! Using this with unchecked inputs WILL lead to SQL injection vulnerabilities. The input is not checked or escaped by Kysely in any way.
My question is, is my method of querying the function correct or are there better ways to query those? And are inputs escaped by using .val?
Solution
That's fine, but you don't even need to use
https://kyse.link/?p=s&i=MEBVYcJHvb7Uj4c6chaI
sql.valhttps://kyse.link/?p=s&i=MEBVYcJHvb7Uj4c6chaI
