DEV Community: Eliya Cohen The latest articles on DEV Community by Eliya Cohen (@newbie012). https://dev.to/newbie012 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F415845%2F6f5a2eb5-76fe-4b50-9d82-c50e12917e37.jpeg DEV Community: Eliya Cohen https://dev.to/newbie012 en You may not need an SQL query builder or ORM Eliya Cohen Thu, 06 Oct 2022 19:12:58 +0000 https://dev.to/newbie012/you-may-not-need-an-sql-query-builder-or-orm-5e2d https://dev.to/newbie012/you-may-not-need-an-sql-query-builder-or-orm-5e2d <p>The are three levels of forms to interact with our database:</p> <ol> <li>Raw SQL (also known as native SQL)</li> <li>Query Builder</li> <li>ORM</li> </ol> <h2> Raw SQL </h2> <p>With great power comes great responsibility. Raw SQL gives us the most low-level form of interaction with our database. This may lead to lots of issues. Namely SQL injections, typos, low-editor support, and typescript types support (we don't want to manually maintain the types).</p> <h2> Query Builder </h2> <p>A query builder can solve most of the Raw SQL approach. It does so by supplying wrapper functions rather than actually writing raw queries. It may look something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">person</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span> <span class="p">.</span><span class="nx">selectFrom</span><span class="p">(</span><span class="dl">'</span><span class="s1">person</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">innerJoin</span><span class="p">(</span><span class="dl">'</span><span class="s1">pet</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pet.owner_id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">person.id</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">select</span><span class="p">([</span><span class="dl">'</span><span class="s1">first_name</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pet.name as pet_name</span><span class="dl">'</span><span class="p">])</span> <span class="p">.</span><span class="nx">where</span><span class="p">(</span><span class="dl">'</span><span class="s1">person.id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">,</span> <span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nx">executeTakeFirst</span><span class="p">()</span> </code></pre> </div> <blockquote> <p>Taken from <a href="https://github.com/koskimas/kysely#minimal-example">Kysely</a> Minimal example.</p> </blockquote> <p>While it does solve most of the issues of writing raw SQL, it has its own cons as well (This is not specific to Kysely):</p> <ul> <li>You don't get complete control over how you run your queries.</li> <li>You don't know what SQL query is actually being run.</li> <li>You can't simply copy-paste the query into your PgAdmin/DataGrip to debug your query.</li> <li>Language-specific syntax is limited (such as coalesce, functions, etc.).</li> <li>You're bound to the technology you're using. It can be cumbersome if you switch to a new library after a while.</li> </ul> <h2> ORMs </h2> <p>ORMs are usually the most high-level interaction form with your database. It gives you a more declarative approach to interacting with your database. Given the example I shown above, Let's compare it with Prisma:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">prisma</span><span class="p">.</span><span class="nx">person</span><span class="p">.</span><span class="nx">findFirst</span><span class="p">({</span> <span class="na">select</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">Pet</span><span class="p">:</span> <span class="p">{</span> <span class="na">select</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="kc">true</span><span class="p">.</span> <span class="p">}</span> <span class="p">}</span> <span class="p">},</span> <span class="na">where</span><span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">id</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>While it's more rows than we've written before, you don't need to define how <code>pet</code> is related to <code>person</code> since the ORM handles it for you. While it's more simplified compared to query builder (which can be controversial), it has its own cons as well:</p> <ul> <li>It's more limited than a query builder (note that I couldn't add a column alias (<code>pet.name as pet_name</code>).</li> <li>All of what I mentioned with query builder cons.</li> </ul> <h2> There's no silver bullet. Or is it? </h2> <p>Going back to raw SQL - What if you had a tool that allowed us to keep writing SQL while taking care of the abovementioned issues?</p> <p>Today, there are popular SQL libraries help you write safe queries from SQL injections (such as Prisma and Postgres.js) using a tagged template syntax. <a href="https://dev.to/newbie012/please-dont-manually-parameterize-your-sql-queries-3m7k">I wrote a more in-depth post about it here</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">sql</span><span class="s2">`SELECT name FROM person WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span> <span class="c1">// Will be evaluated to</span> <span class="c1">// { query: "SELECT name FROM person WHERE id = $1, values: [id] }</span> </code></pre> </div> <p>But still, we're left with these issues:</p> <ul> <li>The query is open to typos.</li> <li>Missing typescript support.</li> <li>Open to runtime errors (such as ambiguous column names).</li> </ul> <p>If there was a tool that plugs into your linter (ESLint) and helps you find and fix these issues, would you use it? Luckily, I just wrote one - <a href="https://github.com/ts-safeql/safeql">SafeQL</a>.</p> <p>Demo:</p> <p><iframe src="https://player.vimeo.com/video/757656695" width="710" height="399"> </iframe> </p> <p>Using this plugin will ensure the following:</p> <p>Your query has neither language typos nor table/column typos.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="nx">sql</span><span class="s2">`SELECT idd FROM comments`</span><span class="p">);</span> <span class="o">~~~</span> <span class="nb">Error</span><span class="p">:</span> <span class="nx">column</span> <span class="dl">"</span><span class="s2">idd</span><span class="dl">"</span> <span class="nx">does</span> <span class="nx">not</span> <span class="nx">exist</span> </code></pre> </div> <p>Your query has the correct type annotation. If a query doesn't have a type or has an invalid type, SafeQL will auto-fix it for you.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="nx">sql</span><span class="s2">`SELECT id FROM comments`</span><span class="p">);</span> <span class="o">~~~~~~~~~~~~</span> <span class="nb">Error</span><span class="p">:</span> <span class="nx">Query</span> <span class="k">is</span> <span class="nx">missing</span> <span class="kd">type</span> <span class="nx">annotation</span> </code></pre> </div> <p>Your query won't have invalid where clauses (e.g., comparing an integer column to a boolean value).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nx">getById</span><span class="p">(</span><span class="nx">id</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="nx">sql</span><span class="s2">`SELECT * FROM comments WHERE body = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="o">~</span> <span class="nb">Error</span><span class="p">:</span> <span class="nx">operator</span> <span class="nx">does</span> <span class="nx">not</span> <span class="nx">exist</span><span class="p">:</span> <span class="nx">text</span> <span class="o">=</span> <span class="nx">integer</span> <span class="p">}</span> </code></pre> </div> <p>Since SafeQL is a plugin and not an SQL library, it gives you the following benefits:</p> <ul> <li>If you want to drop the plugin, you can simply remove it from ESLint, and everything should still be ok.</li> <li>You can use whatever SQL library you want (Although libraries that don't come with a built-in sql tagged literal will have to install a third-party package, such as <a href="https://safeql.dev/libraries/sql-tag/introduction.html">@ts-safeql/sql-tag</a>).</li> <li>If you care about bundle size, then you might be happy to know that SafeQL adds zero kilobytes to your bundle size since it's not a runtime code (just like any other ESLint plugin/rule).</li> </ul> <p>While it does solve many issues, it's not perfect.</p> <ul> <li>Unlike ORMs and Query Builders, SafeQL doesn't have an auto-complete syntax.</li> <li>SafeQL is still actively developed. Although it hasn't reached a stable release yet, it has proven itself in a large codebase.</li> </ul> <p>If you feel adventurous and want to try out SafeQL, be sure to check out the <a href="https://safeql.dev/guide/getting-started.html">Getting Started</a> page in the documentation 🙂</p> <h2> Conclusion </h2> <p>Query Builders and ORMs are solutions to problems. SafeQL is another solution. Each one has its downsides. In one project, we may prefer one solution over the other. In a different project, we may prefer mixing two solutions. It's really up to you.</p> <p>Disclaimer: I'm not against using SQL query builders. While the solution I wrote solves most of what the query builder solves, each solution has its pros and cons.</p> typescript postgres javascript webdev Please Don't (Manually) Parameterize Your SQL Queries Eliya Cohen Fri, 16 Sep 2022 14:36:01 +0000 https://dev.to/newbie012/please-dont-manually-parameterize-your-sql-queries-3m7k https://dev.to/newbie012/please-dont-manually-parameterize-your-sql-queries-3m7k <p>Last week, I wrote a <a href="https://dev.to/newbie012/write-sql-queries-with-confidence-typescript-postgres-5b61">post</a> about a plugin (that lints your SQL queries) called <a href="https://safeql.dev">SafeQL</a>. While doing so, I wrote this line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="nx">sql</span><span class="s2">`SELECT * FROM comments WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> </code></pre> </div> <p>Immediately, I got responses from a few places that I should <a href="https://www.reddit.com/r/javascript/comments/xbb4ge/comment/inz5tbn">parameterize</a> <a href="https://www.reddit.com/r/javascript/comments/xbb4ge/comment/inyqdw3">my</a> <a href="https://dev.to/raibtoffoletto/comment/21hip">queries</a> since it's open for SQL injections.</p> <p>While they are not entirely wrong, they are not correct.</p> <p>I'll explain; writing variables inside a query string is indeed a call for SQL injection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// ⚠️ Open to SQL injection</span> <span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="s2">`SELECT * FROM comments WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="c1">// id = "0 OR (other statement)"</span> </code></pre> </div> <p>While that is true, it is not what is happening in the code below<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="nx">sql</span><span class="s2">`SELECT * FROM comments WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="c1">// ^^^ tagged templated literal</span> </code></pre> </div> <h2> What is this syntax? </h2> <p>It is called <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals#tagged_templates">Tagged templates</a>, and I am quoting MDN:</p> <blockquote> <p>Tags allow you to parse template literals with a function. The first argument of a tag function contains an array of string values. The remaining arguments are related to the expressions.</p> </blockquote> <h2> Explain to me like I am 5 </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// this line</span> <span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="nx">sql</span><span class="s2">`SELECT * FROM comments WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="c1">// turns into this:</span> <span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">SELECT * FROM comments WHERE id = $1</span><span class="dl">"</span><span class="p">,</span> <span class="na">values</span><span class="p">:</span> <span class="p">[</span><span class="nx">id</span><span class="p">]</span> <span class="p">})</span> </code></pre> </div> <p><code>sql</code> (which is a tagged template literal) is a function that looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kd">function</span> <span class="nx">sql</span><span class="p">(</span> <span class="nx">template</span><span class="p">:</span> <span class="nx">TemplateStringsArray</span><span class="p">,</span> <span class="p">...</span><span class="nx">values</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[]</span> <span class="p">);</span> <span class="c1">// Typescript built-in type</span> <span class="kr">interface</span> <span class="nx">TemplateStringsArray</span> <span class="kd">extends</span> <span class="nx">ReadonlyArray</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">readonly</span> <span class="na">raw</span><span class="p">:</span> <span class="k">readonly</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">}</span> </code></pre> </div> <p>Given the following code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">sql</span><span class="s2">`SELECT * FROM comments WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span> <span class="c1">// template === ["SELECT * FROM comments WHERE id = "]</span> <span class="c1">// values === [id]</span> </code></pre> </div> <p><code>template</code> would be equal to <code>["SELECT * FROM comments WHERE id = "]</code> and values to <code>[id]</code>.</p> <h2> But how node-postgres or Sequelize handle it? </h2> <p>After we demystified the term tagged template literal, how can we use it to our favor?</p> <p>node-postgres allows writing SQL queries by:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// string only approach</span> <span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">(</span><span class="dl">"</span><span class="s2">select name FROM table_name WHERE id = $1</span><span class="dl">"</span><span class="p">,</span> <span class="p">[</span><span class="nx">name</span><span class="p">]);</span> <span class="c1">// object approach</span> <span class="nx">client</span><span class="p">.</span><span class="nx">query</span><span class="p">({</span> <span class="na">text</span><span class="p">:</span> <span class="dl">"</span><span class="s2">select name FROM table_name WHERE id = $1</span><span class="dl">"</span><span class="p">,</span> <span class="na">values</span><span class="p">:</span> <span class="p">[</span><span class="nx">name</span><span class="p">]</span> <span class="p">});</span> </code></pre> </div> <p>Sequelize allows us to write in an object approach as well (among others), but with <code>query</code> rather than a <code>text</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="nx">sequelize</span><span class="p">.</span><span class="nx">query</span><span class="p">({</span> <span class="na">query</span><span class="p">:</span> <span class="dl">"</span><span class="s2">select name FROM table_name WHERE id = $1</span><span class="dl">"</span><span class="p">,</span> <span class="na">values</span><span class="p">:</span> <span class="p">[</span><span class="nx">name</span><span class="p">]</span> <span class="p">});</span> </code></pre> </div> <p>As we might have noticed, the object structure is similar to the same structure that the <code>sql</code> tag has returned. In other words, when using <code>sql</code> tag, it returns an object that resembles a parameterized query.</p> <h2> <code>sql</code> implementation in a nutshell </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">function</span> <span class="nx">sql</span><span class="p">(</span><span class="nx">template</span><span class="p">:</span> <span class="nx">TemplateStringsArray</span><span class="p">,</span> <span class="p">...</span><span class="nx">values</span><span class="p">:</span> <span class="nx">unknown</span><span class="p">[])</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">id</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">text</span> <span class="o">=</span> <span class="nx">template</span><span class="p">[</span><span class="mi">0</span><span class="p">];</span> <span class="k">for</span> <span class="p">(</span><span class="kd">const</span> <span class="nx">value</span> <span class="k">of</span> <span class="nx">values</span><span class="p">)</span> <span class="p">{</span> <span class="nx">query</span> <span class="o">+=</span> <span class="s2">`$</span><span class="p">${</span><span class="o">++</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="nx">query</span> <span class="o">+=</span> <span class="nx">template</span><span class="p">[</span><span class="nx">id</span><span class="p">];</span> <span class="p">}</span> <span class="c1">// we pass both `query` and `text` so it would be compatible with both</span> <span class="c1">// node-postgres and Sequelize:</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">text</span><span class="p">,</span> <span class="na">query</span><span class="p">:</span> <span class="nx">text</span><span class="p">,</span> <span class="nx">values</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h2> Why should I use it over manually parameterized queries? </h2> <p>It is easier, safer, less error-prone, and more straightforward. Large queries can go up to dozens of parameters. It is just a matter of time before they will be misplaced. In addition, reading the query while trying to figure out what is <code>$5</code> or <code>$14</code> can be challenging.</p> <h2> npm install </h2> <p>Instead of maintaining an sql implementation, there are a few packages that have already done it:</p> <p><a href="https://www.npmjs.com/package/@ts-safeql/sql-tag">@ts-safeql/sql-tag</a><br> <a href="https://www.npmjs.com/package/sql-template-strings">sql-template-strings</a><br> <a href="https://www.npmjs.com/package/sql-template-tag">sql-template-tag</a></p> <h2> What's next? </h2> <p>If you are using TypeScript and care about type safety, check out <a href="https://safeql.dev">SafeQL</a>. It is a free and open-source ESLint plugin that ensures you never misspell a table, column, or any invalid syntax. As a plus, it automatically generates TypeScript types for each query you write.</p> javascript typescript sql postgres Write SQL Queries With Confidence (TypeScript + Postgres) Eliya Cohen Sat, 10 Sep 2022 22:34:37 +0000 https://dev.to/newbie012/write-sql-queries-with-confidence-typescript-postgres-5b61 https://dev.to/newbie012/write-sql-queries-with-confidence-typescript-postgres-5b61 <p>TL;DR- Check out <a href="https://safeql.dev" rel="noopener noreferrer">https://safeql.dev</a></p> <h2> A Problem </h2> <p>Usually, we tend to operate against our database using ORMs such as Prisma, Sequelize, TypeORM, etc.</p> <p>Most of the time, these libraries deliver a great DX, but in some cases, they can be limited. For example:</p> <ul> <li>The library doesn't support a feature that you need.</li> <li>The actual query that the library is generating is not optimal.</li> <li>You have a complex query that writing it using the library is either impossible or hard to maintain.</li> </ul> <p>In all of these cases, we find ourselves writing raw queries. At first, we might even write some tests around it to make sure<br> we won't mess it up in the future. Then, we might even manually write our types for each query.</p> <p>Times go by, and you find yourself with a bunch of raw queries, and each time you write another one, you lose confidence. Then, your colleagues write more migrations, which becomes quite hard to follow.</p> <p>That's where <a href="https://safeql.dev" rel="noopener noreferrer">SafeQL</a> comes into play.</p> <h2> What is SafeQL? </h2> <p>SafeQL is a plugin for ESLint that helps you write safe raw queries.</p> <p>It does so by:</p> <ol> <li>Checking your raw queries for syntax errors (e.g., trying to select a column that doesn't exist).</li> <li>Warn you about type errors (e.g., trying to compare a string to an integer)</li> <li>Warn you about missing/incorrect query TS types (and suggest fixes).</li> </ol> <p>What does it look like?</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> client.query(sql`SELECT idd FROM comments`); ~~~ // Error: column "idd" does not exist </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> function getById(id: number) { client.query(sql`SELECT * FROM comments WHERE body = ${id}`); ~ // Error: operator does not exist: text = integer } </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> client.query(sql`SELECT id FROM comments`); ~~~~~~~~~~~~ // Error: Query is missing type annotation </code></pre> </div> <p>Here's a tweet that demonstrates it on live</p> <p><iframe class="tweet-embed" id="tweet-1564036318229073921-996" src="https://platform.twitter.com/embed/Tweet.html?id=1564036318229073921"> </iframe> // Detect dark theme var iframe = document.getElementById('tweet-1564036318229073921-996'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1564036318229073921&amp;theme=dark" } </p> <h2> Ok, how do I use it? </h2> <p><a href="https://www.safeql.dev/guide/getting-started.html" rel="noopener noreferrer">See documentation</a></p> <p>First, you need to install the plugin:</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> npm <span class="nb">install</span> <span class="nt">--save-dev</span> @ts-safeql/eslint-plugin libpg-query </code></pre> </div> <p>Then, you need to add the plugin to your ESLint config:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"plugins"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"@ts-safeql/eslint-plugin"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Finally, it depends on whether you want to get your type validation from a migrations folder or a database URL.<br> For simplicity's sake, we'll be using <a href="https://www.prisma.io/" rel="noopener noreferrer">Prisma</a> as our ORM and validate against a database URL:</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rules"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"@ts-safeql/check-sql"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"error"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"connections"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"databaseUrl"</span><span class="p">:</span><span class="w"> </span><span class="s2">"postgres://postgres:postgres@localhost:5432/my_database"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"prisma"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operators"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"$queryRaw"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> What's going on here? </h3> <p>As you might've seen, <code>connections</code> is an array rather than a single object. That's because you can have multiple connections.<br> For example, you might have a <code>mainClient</code> for your main database and a <code>subClient</code> for your sub-database.<br> In most cases, you would only have one connection.</p> <p>Each connection has the following properties:</p> <ul> <li> <code>databaseUrl</code>: The database URL to connect to.</li> <li> <code>name</code>: The variable name that holds the connection (for example, <code>prisma</code> for <code>prisma.$queryRaw(...)</code>).</li> <li> <code>operators</code>: An array of operators you use to execute queries (for example, <code>prisma</code> for <code>prisma.$queryRaw(...)</code>).</li> </ul> <h3> Take it for a spin </h3> <p>Now you have everything set up!</p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Prisma</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@prisma/client</span><span class="dl">"</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getUserById</span><span class="p">(</span><span class="nx">id</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">prisma</span><span class="p">.</span><span class="nf">$queryRaw</span><span class="p">(</span> <span class="o">~~~~~~~~~~~~~~~~</span> <span class="c1">// Error: Query is missing type annotation</span> <span class="nx">Prisma</span><span class="p">.</span><span class="nx">sql</span><span class="s2">`SELECT * FROM users WHERE id = </span><span class="p">${</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>SafeQL is currently in its very early stages, but we can make it better with the community's help! If you have any ideas/improvements/bugs to share, be sure to <a href="https://github.com/ts-safeql/safeql/issues/new/choose" rel="noopener noreferrer">file an issue</a> in our GitHub repository.</p> typescript postgres javascript sql