Generically parameterizing queries #940
If we had a method like
typeof true);
Was there a copy-paste error? I'm grateful for any help!
It turns out that For others looking to solve this problem, here's what you need to know:
For completeness, can we assume that
How about a PR to the readme then @jtlapp 😉 You'd be in the best position to make it since you know what's missing 👍 I'll help ensure it's correct if you start one. The reasoning for the naming is that there is no way to ensure you haven't combined the query string yourself, so it's potentially unsafe even though you're using parameters.
There's nothing preventing a user from sticking a template literal for the query string in unsafe, where they can then use
This happens on the database level, Postgres.js does nothing to them. The string is sent as is, and the parameters are sent on the side as is (with the exception of serialization). I think conceptually looking at them like variables that the PostgreSQL planner uses in the query is a better mental picture.
The parameters are not escaped, they are transferred as is to PostgreSQL that then uses them in the
No, these are options for the connection / instance.
Hehe.. Sorry, I actually disregarded this question as a Typescript issue because of this code sample.
No it's not. Any time you can pass a regular string how should the library know what the user has cooked up?
I think that wouldn't give you the true picture of the various libraries - I think benchmarks ought to be written in the idiomatic style of each library. Even so, for Postgres.js you should add the Be curious to see what you find. Here's some prior art if you're interested: https://porsager.github.io/imdbench/sql.html
@porsager thank you for the detailed explanation! I posted a PR. I'm primarily benchmarking concurrency, so the computational expense of the query shouldn't matter much, though memory usage may still be an issue. I have found it challenging to find much that's helpful about what sorts of query combinations I need to create to get a good sense of the relative ability frameworks and platforms have for supporting concurrency. So I plan to play around. I want it easy and quick to do so, particularly because I'm building images for deployment to a Kubernetes cluster, where I'll be running the experiments. But I do appreciate the reminder that the most reliable measures will come from using real-world implementations of the queries. Once I understand what sorts of queries I need, I'll likely then hard-code them to get trustworthy test results. And then as a bonus I'll also have meaningful latency benchmarks. Thank you for your benchmark links, and thanks again for your assistance! I already have this working.
@jtlapp sounds great :) In the case of Postgres.js there is much more than computational. For instance using prepared statements implicitly is a huge gain, as well as ensuring pipelining the queries will work correctly. This all works the best when using Postgres.js properly with tagged template literals, but as mentioned, should be fine with Would love a heads up here if the benchmarks are something you'll share.
Hello. I'm trying to figure out how to complete this function:
query contains named placeholders for parameters, and args provides the values of those placeholders by key, which provides the placeholder name. I'm generically representing queries and dynamically providing their arguments.
I'm looking for the function's implementation and return type.
Is this possible to do in a safe way, with proper literal escaping?
(In case you're questioning the need to do this, it's for a series of benchmarking tests, each potentially written for a different platform, in a different framework, in a different language. Rather than copying the queries from implementation to implementation and maintaining them across implementations, I'm centralizing them. I don't even know what queries I'll end up using in the end, so I want to be able to centrally change the queries for all frameworks all at once as I experiment. The above is for the Deno implementation. Moreover, I won't be using the exact function above; it's just to teach me how to do this.)
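The following is an added example, not code from this thread or from Postgres.js: one way to do what the question asks, assuming placeholders are written as `:name` (the original snippet's syntax is not shown on this page). It rewrites them to PostgreSQL positional parameters and returns the values separately, so the pair can be handed to `sql.unsafe(text, values)` and the values travel outside the query string, as the replies describe. `compileNamedQuery` is a hypothetical helper name.

```javascript
// Added example. The ":name" syntax and compileNamedQuery are assumptions, not
// part of Postgres.js. Not parsed: E'...' backslash escapes, dollar-quoted
// strings, SQL comments. A placeholder with no supplied value fails closed.
function compileNamedQuery(query, args) {
  const positions = new Map(); // placeholder name -> 1-based parameter index
  const values = [];
  let text = "";
  let i = 0;
  while (i < query.length) {
    const ch = query[i];
    if (ch === "'" || ch === '"') {
      // Copy string literals and quoted identifiers verbatim.
      let j = i + 1;
      while (j < query.length) {
        if (query[j] !== ch) { j++; continue; }
        if (query[j + 1] !== ch) break; // closing quote
        j += 2; // doubled quote is an escaped quote
      }
      if (j >= query.length) throw new Error("unterminated quoted section");
      text += query.slice(i, j + 1);
      i = j + 1;
    } else if (ch === ":" && query[i + 1] === ":") {
      text += "::"; // PostgreSQL cast operator, not a placeholder
      i += 2;
    } else {
      const m = ch === ":" ? /^[A-Za-z_]\w*/.exec(query.slice(i + 1)) : null;
      if (!m) { text += ch; i++; continue; }
      const name = m[0];
      if (!Object.prototype.hasOwnProperty.call(args, name)) {
        throw new Error(`no value supplied for placeholder :${name}`);
      }
      if (!positions.has(name)) {
        values.push(args[name]);
        positions.set(name, values.length);
      }
      text += "$" + positions.get(name);
      i += 1 + name.length;
    }
  }
  return { text, values };
}

// Constructed sample input: the value contains quote characters on purpose.
const sample = compileNamedQuery(
  "SELECT id, created_at::date FROM users WHERE email = :email " +
    "AND note <> ':email' AND (status = :status OR backup_email = :email)",
  { email: "x' OR '1'='1", status: "active" }
);
console.log(sample.text, sample.values);
// With Postgres.js the pair would be passed as sql.unsafe(sample.text, sample.values).
```

The value with embedded quotes never enters `text`; only `$1` does, which is what keeps a centrally stored query template from becoming an injection point when arguments change.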