1.0.0 • Published 6 years ago
@serayaeryn/mysql-query v1.0.0
mysql-query
This module provides a performant way to escape your mysql queries to protect from SQL injection.
Installation
npm install @serayaeryn/mysql-queryUsage
Define your query string with placeholders starting with a question mark ? (for example ?name) and pass it to the function exported by the @serayaeryn/mysql-query module. It will create a function, that accepts the values for the previously defined placeholders and returns the query the escaped values.
Note: The values need to be passed in the same order as the placeholders are defined in the query.
// on startup
const mysqlQuery = require('@serayaeryn/mysql-query');
const getEscapedQuery = mysqlQuery('SELECT email FROM users WHERE id=?id;');
// on runtime
const escapedQuery = getEscapedQuery('1');
connection.query(escapedQuery);Benchmark
The benchmark compares to the format(sql, values) function of the sqlstring module.
Usage
Clone the repository and run npm run benchmark.
Results
$ npm run benchmark
@serayaeryn/mysql-query x 5,618,794 ops/sec ±0.40% (89 runs sampled)
sqlstring - format x 1,981,991 ops/sec ±0.23% (92 runs sampled)
Fastest is @serayaeryn/mysql-query