v.1.8.2

@vitaly-t vitaly-t released this 01 Aug 11:25

Prepared Statements

Added support for Prepared Statements, a native Postgres feature that node-postgres supports.

Prepared Statements serve two purposes:

  1. Performance optimization, via cached execution plan;
  2. SQL injection prevention, as data and queries are passed in separately.

All standard query methods now accept an object {name, text, [values]} as the query parameter and pass it into node-postgres without changes or any kind of preprocessing. In this case, anything passed as the second parameter (values) is ignored.

When the library detects a prepared statement in the query parameter, it will not try to validate it in any way, although I'm still considering that it might in the future, so please let me know if you think it needs to be validated, as I couldn't decide right now. UPDATE: Implemented in 1.8.3

Example

```js
// The query parameter is the prepared-statement object itself;
// no second "values" argument is needed (it would be ignored).
db.one({
    name: "find-user",
    text: "select * from users where id=$1",
    values: [1]
})
    .then(function (user) {
        console.log(user);
    }, function (reason) {
        // handle the query error here
    });
```
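As an added illustration (not pg-promise's own code), the two behaviours described above: a prepared-statement object makes the separate values argument irrelevant, and a client-side validation step of the kind the notes say was under consideration. The helper names, the placeholder-matching rule and the sample statement are assumptions made for this example.

```javascript
// Added example, not pg-promise's own code. The helpers and the rule that
// every $n placeholder must be covered by a value are assumptions.

// True when `query` looks like a {name, text, [values]} prepared-statement object.
function isPreparedStatement(query) {
  return query !== null && typeof query === 'object' &&
    typeof query.name === 'string' && typeof query.text === 'string';
}

// Resolves the (query, values) pair the way the release notes describe: a
// prepared statement is passed through untouched and the second argument
// is ignored; a plain SQL string keeps its separate values.
function resolveQuery(query, values) {
  if (isPreparedStatement(query)) {
    return { prepared: true, name: query.name, text: query.text, values: query.values || [] };
  }
  return { prepared: false, text: query, values: values || [] };
}

// Hypothetical client-side check: every $n placeholder must have a value and
// every value must be referenced, so a malformed statement is rejected before
// it is sent to the server.
function validatePreparedStatement(ps) {
  if (!isPreparedStatement(ps)) return { ok: false, error: 'not a prepared statement object' };
  if (!ps.name.trim() || !ps.text.trim()) return { ok: false, error: 'name and text must be non-empty' };
  const values = ps.values === undefined ? [] : ps.values;
  if (!Array.isArray(values)) return { ok: false, error: 'values must be an array' };
  const placeholders = new Set((ps.text.match(/\$\d+/g) || []).map(p => Number(p.slice(1))));
  for (let i = 1; i <= values.length; i++) {
    if (!placeholders.has(i)) return { ok: false, error: `value ${i} is never referenced` };
  }
  for (const n of placeholders) {
    if (n < 1 || n > values.length) return { ok: false, error: `placeholder $${n} has no value` };
  }
  return { ok: true };
}

// Constructed input: hostile-looking data stays inside `values`, so the text
// Postgres parses is unchanged (the injection-prevention point above).
const findUser = {
  name: 'find-user',
  text: 'select * from users where id=$1',
  values: ['1 or 1=1']
};
```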