sql-assert

1.0.4 • Public • Published

SQL Assert


Assert identifiers (e.g. table/view names) before using them in SQL statements.

Installation

npm install sql-assert --save

Usage

Standalone

import { simpleSqlName, qualifiedSqlName, noop } from "sql-assert";

// returns a valid SQL name or throws an error
const stmt1 = `select count(*) from ${simpleSqlName(tableName)}`;
const stmt2 = `select count(*) from ${qualifiedSqlName(tableName)}`;

// no operation, returns original value
// SQL injection is possible, e.g., if `tableName` is a function parameter
const stmt3 = `select count(*) from ${noop(tableName)}`;

With sql-template-tag

import sql, { raw } from "sql-template-tag";
import { simpleSqlName, qualifiedSqlName } from "sql-assert";

// throws an error if tableName or columnName is not syntactically valid
// columnValue is a bind variable, hence no SQL injection is possible
const query = sql`select count(*) 
                    from ${raw(qualifiedSqlName(tableName))} 
                   where ${raw(simpleSqlName(columnName))} = ${columnValue}`;
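
The check behind both usages above, sketched as an added example that is not code from sql-assert or its README: the stand-in validators `assertSimpleName` and `assertQualifiedName`, the helpers `countStatement` and `classify`, and the naming rule itself are assumptions made for illustration, and the package's real rules may differ. It runs the checks over constructed inputs and shows which ones never reach the statement text.

```javascript
// Added example: stand-in validators, not the sql-assert implementation.
// Assumed rule: a name part is either unquoted (a letter, then letters,
// digits, _, $ or #) or double-quoted with no embedded double quote or NUL.
const PART = '(?:[A-Za-z][A-Za-z0-9_$#]*|"[^"\\0]+")';
const SIMPLE = new RegExp(`^${PART}$`);
const QUALIFIED = new RegExp(`^${PART}(?:\\.${PART})*$`);

function assertName(pattern, name) {
  if (typeof name !== "string" || !pattern.test(name)) {
    throw new Error(`invalid SQL name: ${JSON.stringify(name)}`);
  }
  return name;
}
const assertSimpleName = (name) => assertName(SIMPLE, name);
const assertQualifiedName = (name) => assertName(QUALIFIED, name);

// Builds the statement only if the identifier passes the given check.
function countStatement(tableName, check) {
  return `select count(*) from ${check(tableName)}`;
}

// Runs a check over constructed inputs and records which ones are rejected.
function classify(check, names) {
  return names.map((name) => {
    try {
      return { name, accepted: true, sql: countStatement(name, check) };
    } catch (err) {
      return { name, accepted: false, error: err.message };
    }
  });
}

// Constructed sample inputs, as they might arrive in a function parameter.
const samples = [
  "employees",
  "hr.employees",
  '"Order Items"',
  "employees where 1=1 --",
  "hr.employees; drop table audit_log",
  "",
];

console.log(classify(assertSimpleName, samples));
console.log(classify(assertQualifiedName, samples));
```

Identifiers cannot be passed as bind variables, which is why the name is validated and then concatenated, while values such as `columnValue` stay bound.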

License

sql-assert is licensed under the Apache License, Version 2.0. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.

Collaborators

  • phsalvisberg