@brianc
Created October 28, 2010 18:02
prepared statement api idea
//kicking around prepared statement api ideas for
//http://github.com/brianc/node-postgres
var Client = require('node-postgres').Client;
var client = new Client({
  name: 'brian',
  database: 'test'
});
client.connect();

//first time, have to include query text
client.query({
  name: 'insert person', //named prepared statement
  text: 'insert into person(name, age) values($1, $2)',
  values: ['Aaron', 10]
});

//second time, query text is not needed
client.query({
  name: 'insert person',
  values: ['Brian', 20]
});

//parameter escaping handled by our dear friend PostgreSQL server
client.query({
  name: 'insert person',
  values: ["''); drop table person;", 20] //ain't gonna work!
});
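
Why the last query is harmless, shown at the wire level as an added example (not code from the gist or from node-postgres): in PostgreSQL's extended query protocol the SQL text travels once in a Parse message, and the values travel in a separate Bind message as length-prefixed bytes. All helper names are hypothetical, and the Execute and Sync messages that would follow are omitted.

```javascript
// Added example: PostgreSQL protocol v3 Parse/Bind messages built by hand.
// Helper names are hypothetical; this is not node-postgres's implementation.
const cstr = (s) => Buffer.concat([Buffer.from(s, 'utf8'), Buffer.from([0])]);
const int16 = (n) => { const b = Buffer.alloc(2); b.writeInt16BE(n); return b; };
const int32 = (n) => { const b = Buffer.alloc(4); b.writeInt32BE(n); return b; };

// Frontend message: 1 type byte, then Int32 length (counts itself, not the type byte).
const frame = (type, body) =>
  Buffer.concat([Buffer.from(type, 'latin1'), int32(body.length + 4), body]);

// Parse ('P'): the only message that carries SQL text. No parameter type OIDs given.
const parseMsg = (name, text) =>
  frame('P', Buffer.concat([cstr(name), cstr(text), int16(0)]));

// Bind ('B'): values are length-prefixed byte strings, never spliced into SQL.
function bindMsg(name, values) {
  const parts = [cstr(''), cstr(name), int16(0), int16(values.length)];
  for (const v of values) {
    if (v === null) { parts.push(int32(-1)); continue; } // length -1 means NULL
    const bytes = Buffer.from(String(v), 'utf8');
    parts.push(int32(bytes.length), bytes);
  }
  parts.push(int16(0)); // result columns in the default (text) format
  return frame('B', Buffer.concat(parts));
}

// Mirrors the gist's idea: Parse is sent only the first time a name is seen.
function encodeQuery(q, prepared) {
  if (prepared.has(q.name)) return [bindMsg(q.name, q.values)];
  if (!q.text) throw new Error('unknown statement: ' + q.name);
  prepared.add(q.name);
  return [parseMsg(q.name, q.text), bindMsg(q.name, q.values)];
}

// Decode a Bind message as a server would, returning the raw parameter values.
function readBindParams(buf) {
  let p = 5;                                               // skip type byte + length
  for (let i = 0; i < 2; i++) p = buf.indexOf(0, p) + 1;   // skip portal, statement name
  p += 2 + 2 * buf.readInt16BE(p);                         // skip parameter format codes
  const n = buf.readInt16BE(p); p += 2;
  const vals = [];
  for (let i = 0; i < n; i++) {
    const len = buf.readInt32BE(p); p += 4;
    vals.push(len < 0 ? null : buf.toString('utf8', p, p + len));
    p += Math.max(len, 0);
  }
  return vals;
}
```

Calling `encodeQuery` with the gist's three queries and a shared `Set` yields Parse plus Bind for the first and a lone Bind for the others; `readBindParams` returns the injection string byte for byte, as a value for `$1`.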