docs(guide): add information about static parameters (#80)

unjs · Oct 9, 2024 · ad84a26 · ad84a26
1 parent 75f04e2
commit ad84a26
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/docs/1.guide/1.index.md b/docs/1.guide/1.index.md
@@ -40,8 +40,16 @@ await db.sql`INSERT INTO users VALUES (${userId}, 'John', 'Doe', '')`;
 // Query for users
 const { rows } = await db.sql`SELECT * FROM users WHERE id = ${userId}`;
 console.log(rows);
+
+// Using static parameters
+const tableName = "users";
+const { rows } = await db.sql`SELECT * FROM {${tableName}} WHERE id = ${userId}`;
+console.log(rows);
 ```
 
+> [!IMPORTANT]
+> **Static Parameters** are a way to use string-literals other than places where prepared statements are supported, for eg. table name. **DO NOT USE** static parameters from untrusted source such as request body. **STATIC PARAMETERS ARE NOT SANITISED**
+
 ## Next steps
 
 :read-more{to="/connectors"}

diff --git a/docs/1.guide/3.http-server.md b/docs/1.guide/3.http-server.md
@@ -4,7 +4,7 @@ icon: material-symbols:http
 
 # HTTP Server
 
-> Expose SQL databases over (secure) HTTP as a restfu API for edge runtimes!
+> Expose SQL databases over (secure) HTTP as a restful API for edge runtimes!
 
 > [!NOTE]
 > 🚀 This feature is planned! Follow up [unjs/db0#6](https://github.com/unjs/db0/issues/6)