Should you validate the output of DB query?
I know user input should always be validated before being stored in a DB, but what about query results? should they also be validated with zod or in a tRPC output function?
interested to know if anyone has any thoughts on this.
interested to know if anyone has any thoughts on this.
Solution
I personally wouldn't bother with it unless I'm transforming it further but if you want to do it you can either manually schema.parse in the body or rely on the .output property of the procedure to ensure its what you want
