0.19.0 • Published 3 weeks ago
@cd2/es-qu-el
Licence
MIT
Version
0.19.0
Deps
0
Size
73 kB
Vulns
0
Weekly
0
ES-QU-EL
yarn add @cd2/es-qu-el
Sanitizing using the SQL function
The SQL function will automatically escape any interpolated into the string.
import { SQL } from "@cd2/es-qu-el"
const userInput = `dangerous user input ' OR true; `
const sql = SQL`SELECT * FROM table WHERE thing=${userInput}`
A function can be interpolated which will get access to an object with many sanitizers:
const table = `my_table`
const sql = SQL`SELECT * FROM ${as => as.name(table)}`