Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing parameters to IN #2242

Closed
retrohacker opened this issue Jun 19, 2020 · 4 comments
Closed

Passing parameters to IN #2242

retrohacker opened this issue Jun 19, 2020 · 4 comments
Labels
question

Comments

@retrohacker
Copy link

Heya, how would one go about passing parameters to a query with IN?

For example:

SELECT *
FROM people
WHERE name in ($1)

I've tried to use:

pg.query(query, [['drake', 'zoey']], cb)

But I don't get results back when both drake and zoey are in the table.

However the following does seem to work:

pg.query(query.replace(/\$1/, ['drake', 'zoey'].map(v => `'${v}'`).join(','), cb)
@charmander
Copy link
Collaborator

You can use = ANY instead:

SELECT *
FROM people
WHERE name = ANY ($1)

@charmander
Copy link
Collaborator

Duplicate of #1452

@charmander charmander marked this as a duplicate of #1452 Jun 20, 2020
@charmander
Copy link
Collaborator

However the following does seem to work:

pg.query(query.replace(/\$1/, ['drake', 'zoey'].map(v => `'${v}'`).join(','), cb)

(and, to be clear, definitely do not do this. It’s an SQL injection vulnerability.)

@retrohacker
Copy link
Author

<3 thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@retrohacker @charmander