7

I know about parameterized query, but since I have to programmatically construct the where condition, taking count of the parameters and building the parameters array is a task much more complex than simply calling an escape function when required. So:

is there a parameters escape function in node-postgres?

Improve this question
1
  • Constructing a values array dynamically isn't that hard. Or consider using an ORM that does this for you? Commented Jan 2, 2022 at 14:02

1 Answer 1

Reset to default
11

Yes, since this PR there are client.escapeIdentifier and client.escapeLiteral (sadly still undocumented), and since PR2954 (released with v8.11.0) they are exported and documented as pg.escapeIdentifier and pg.escapeLiteral.

However, it is not recommended to use them when you can use parameterised queries, and for dynamic WHERE condition you can easily construct a query object with text and values on the fly.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

client.escapeLiteral is the answer I was looking for; the fact it is undocumented makes clear why I wasn't able to find it. Thank you.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.