undefined | Better HN

0 pointsheatmiser2y ago0 comments

The things I've seen because people don't want to learn an ORM's (or similar tech) API.

0 comments

I mean that node-posgres doesn't encourage anyone to include parameter values through string concatenation, at least no more than porsager or other SQL-based clients.

Not sure what ORMs have to do with it. They do include a safe parameter substitution mechanism, but so do typical SQL-based clients.

porsager2y ago

It doesn't explicitly encourage you to do it, but it's very much right there - waiting to happen because you always just pass a string to the query function? In Postgres.js you have to use a function that is specifically named `unsafe` to do that.

j / k navigate · click thread line to collapse

0 comments

jmull2y ago

I mean that node-posgres doesn't encourage anyone to include parameter values through string concatenation, at least no more than porsager or other SQL-based clients.

Not sure what ORMs have to do with it. They do include a safe parameter substitution mechanism, but so do typical SQL-based clients.

porsager2y ago

j / k navigate · click thread line to collapse