Passing parameters to `IN`

[retrohacker]

Heya, how would one go about passing parameters to a query with IN?

For example:

SELECT *
FROM people
WHERE name in ($1)

I've tried to use:

pg.query(query, [['drake', 'zoey']], cb)

But I don't get results back when both drake and zoey are in the table.

However the following does seem to work:

pg.query(query.replace(/\$1/, ['drake', 'zoey'].map(v => `'${v}'`).join(','), cb)

[charmander]

You can use = ANY instead:

SELECT *
FROM people
WHERE name = ANY ($1)

[charmander]

Duplicate of #1452

[charmander]

However the following does seem to work:

pg.query(query.replace(/\$1/, ['drake', 'zoey'].map(v => `'${v}'`).join(','), cb)

(and, to be clear, definitely do not do this. It’s an SQL injection vulnerability.)

[retrohacker]

<3 thank you