Support #$ query interpolation #21
…ging table names, order clause, etc)
Has this been benchmarked?

@matthew-lucidchart, we do need to fix relate-benchmarks. They don't work out-of-the-box, and currently there are no instructions on getting them to work. And though there are a lot of tests, a lot of them are never run (e.g. we only ever parameterize with ints, nothing else). I'm agreed that this (and all other changes) should be benchmarked.
Yeah, it's too bad we didn't keep up on them, but their primary purpose was Simpler benchmarking can be done without that project. On Fri, Mar 13, 2015 at 1:35 AM, Paul Draper notifications@github.com
Please let me know if there is anything else I need to get this merged.

Benchmarking them would go a long way in my view. Either via relate-benchmarks or your own make.
what about: `sql"${"SELECT".toSQL} * ${"FROM".toSQL} ......`

On Wed, Feb 3, 2016 at 2:44 PM, Gregg Hernandez notifications@github.com
what lucidchart said is the same as the original toSql benchmark.

We should probably have some unit tests on this that check to make sure the output is what we expect.

@rbanikaz If you're still interested in getting this merged, you'll need to update the PR (merge conflicts) and please include some unit tests as well.
I'm inclined to reject this, because it can encourage writing code that is vulnerable to SQL injection. That said, I think having better syntax for things like table and column names would be a good thing. I think the proper way to do this would be to escape the name as an identifier before interpolating it. So for example, in MySQL the string "foo bar" would be interpolated as Note that the escaping is different in different SQL implementations, and the quoting character needs to be escaped.
#20
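The identifier escaping described in the last comment above, as an added example that is not part of this thread or of Relate's code. The names `IdentifierQuoting`, `Dialect`, `MySql`, `Ansi` and `quoteIdentifier` are hypothetical, and the sample identifiers are constructed.

```scala
// Added example (hypothetical names, not Relate's API): quote a table or
// column name as an identifier before splicing it into SQL text.
object IdentifierQuoting {

  // The quote character differs per SQL implementation: MySQL's default
  // mode uses backticks, ANSI SQL (e.g. PostgreSQL) uses double quotes.
  sealed abstract class Dialect(val quote: Char)
  case object MySql extends Dialect('`')
  case object Ansi extends Dialect('"')

  /** Returns `name` wrapped in the dialect's quote character.
    * Any quote character inside the name is doubled, so the value
    * cannot close the identifier early and continue as SQL.
    */
  def quoteIdentifier(dialect: Dialect, name: String): String = {
    require(name.nonEmpty, "identifier must not be empty")
    // NUL is not permitted in identifiers by MySQL or PostgreSQL.
    require(name.forall(_ != 0.toChar), "identifier must not contain NUL")
    val q = dialect.quote.toString
    q + name.replace(q, q + q) + q
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample identifiers, including ones that contain
    // each dialect's quote character.
    val samples = Seq("foo bar", "users", "a`b", "a\"b")
    for (name <- samples) {
      val mysql = quoteIdentifier(MySql, name)
      val ansi = quoteIdentifier(Ansi, name)
      println(s"MySQL: $mysql    ANSI: $ansi")
    }

    // Only identifiers are spliced into the statement text; values
    // still go through bound parameters (the `?` placeholder here).
    val table = quoteIdentifier(MySql, "orders")
    val orderBy = quoteIdentifier(MySql, "created at")
    println(s"SELECT * FROM $table WHERE id = ? ORDER BY $orderBy")
  }
}
```

Quoting makes the name syntactically safe; whether the caller is allowed to reference that table or column is a separate check, typically a comparison against a fixed list of known names.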