Module raw

Raw SQL query execution with type-safe parameter interpolation.

This module lets you execute hand-written SQL while still passing values as query parameters. The split matters for safety: the SQL text you hand to Sql::new, push, or the raw_query! format string is sent to the database as-is and must come from code you control, while values supplied through bind or the macro's {} arguments are stored in params and sent separately as bound parameters. That separation, not any escaping of the text, is what prevents SQL injection.

Creating SQL Queries

use prax_query::Sql;

// Simple query
let sql = Sql::new("SELECT * FROM users");
assert_eq!(sql.sql(), "SELECT * FROM users");

// Query with parameters (binding appends placeholder)
let sql = Sql::new("SELECT * FROM users WHERE id = ")
    .bind(42);
assert_eq!(sql.params().len(), 1);

Using the raw_query! Macro

use prax_query::raw_query;

// Simple query
let sql = raw_query!("SELECT 1");

// Query with one parameter: each {} becomes a $N placeholder and its argument is appended to params
let id = 42;
let sql = raw_query!("SELECT * FROM users WHERE id = {}", id);
assert_eq!(sql.params().len(), 1);
assert!(sql.sql().contains("$1"));

// Query with multiple parameters
let name = "John";
let age = 25;
let sql = raw_query!("SELECT * FROM users WHERE name = {} AND age > {}", name, age);
assert_eq!(sql.params().len(), 2);

Building Queries Incrementally

use prax_query::Sql;

// push appends raw SQL text verbatim, so it is only for fragments the code
// itself controls, such as these fixed conditions. A user-supplied value must
// go through bind instead, which appends a placeholder rather than the value.
let conditions = vec!["active = true", "verified = true"];
let sql = Sql::new("SELECT * FROM users WHERE ")
    .push(conditions.join(" AND "));

assert!(sql.sql().contains("active = true AND verified = true"));

Safety

Values passed as raw_query! arguments (or through bind) are parameterized: they are stored in params and never interpolated into the SQL string, so an attacker-controlled value cannot alter the statement. Two things stay outside that protection and must be treated as trusted code: the SQL text itself (the macro's format string and anything given to Sql::new or push), and identifiers such as table or column names, which a database parameter cannot stand in for. Build those from fixed strings or an allowlist, never from request input.

use prax_query::raw_query;

// This malicious input will NOT cause SQL injection
let malicious = "'; DROP TABLE users; --";
let sql = raw_query!("SELECT * FROM users WHERE name = {}", malicious);

// The malicious string is safely bound as a parameter
assert_eq!(sql.params().len(), 1);
// The SQL itself doesn't contain the malicious text
assert!(!sql.sql().contains("DROP TABLE"));
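To make that boundary concrete, here is an added, self-contained Rust illustration (not prax_query's own code): a hypothetical MiniSql builder that mimics the shape of the Sql, bind and push API on this page, an interpolating lookup beside its bound counterpart, and an incremental filter builder that pushes only allowlisted column names and binds every value. The names MiniSql, Param, build_lookup_unsafe, build_lookup_safe and build_filtered, and the allowlist contents, are assumptions made for this example.

```rust
// Added illustration, not prax_query's own code: a hypothetical MiniSql
// builder that mimics the shape of this page's Sql, bind and push, used only
// to show where the parameterization boundary lies.

/// Parameter values the query carries; a real crate would use the driver's types.
#[derive(Debug, Clone, PartialEq)]
pub enum Param {
    Int(i64),
    Text(String),
}

impl From<i64> for Param {
    fn from(v: i64) -> Self { Param::Int(v) }
}

impl From<&str> for Param {
    fn from(v: &str) -> Self { Param::Text(v.to_string()) }
}

/// SQL text plus the values bound to its `$N` placeholders.
#[derive(Debug)]
pub struct MiniSql {
    sql: String,
    params: Vec<Param>,
}

impl MiniSql {
    /// The text given here is trusted SQL and is kept verbatim.
    pub fn new(sql: &str) -> Self {
        MiniSql { sql: sql.to_string(), params: Vec::new() }
    }

    /// Appends raw SQL text verbatim: safe only for fragments the code controls.
    pub fn push(mut self, raw_sql: &str) -> Self {
        self.sql.push_str(raw_sql);
        self
    }

    /// Appends a `$N` placeholder and stores the value separately; the value
    /// never touches the SQL text, whatever characters it contains.
    pub fn bind<P: Into<Param>>(mut self, value: P) -> Self {
        self.params.push(value.into());
        self.sql.push_str(&format!("${}", self.params.len()));
        self
    }

    pub fn sql(&self) -> &str {
        &self.sql
    }

    pub fn params(&self) -> &[Param] {
        &self.params
    }
}

/// Vulnerable form: the user value is pushed into the SQL text and quoted by hand.
pub fn build_lookup_unsafe(user_name: &str) -> MiniSql {
    MiniSql::new("SELECT * FROM users WHERE name = '")
        .push(user_name)
        .push("'")
}

/// Hardened form: the same query with the value bound to a placeholder.
pub fn build_lookup_safe(user_name: &str) -> MiniSql {
    MiniSql::new("SELECT * FROM users WHERE name = ").bind(user_name)
}

/// Incremental construction done right: column names are SQL text, so they
/// must come from a fixed allowlist (assumed here); every value is bound.
pub fn build_filtered(filters: &[(&str, Param)]) -> Result<MiniSql, String> {
    const ALLOWED_COLUMNS: &[&str] = &["name", "age", "active"];
    let mut query = MiniSql::new("SELECT * FROM users");
    for (i, (column, value)) in filters.iter().enumerate() {
        if !ALLOWED_COLUMNS.contains(column) {
            return Err(format!("column {:?} is not filterable", column));
        }
        query = query
            .push(if i == 0 { " WHERE " } else { " AND " })
            .push(column)
            .push(" = ")
            .bind(value.clone());
    }
    Ok(query)
}

fn main() {
    // Constructed attacker input, the same payload used in the Safety section above.
    let malicious = "'; DROP TABLE users; --";
    let bad = build_lookup_unsafe(malicious);
    let good = build_lookup_safe(malicious);
    println!("interpolated: {}", bad.sql());
    println!("bound:        {}  params={:?}", good.sql(), good.params());
}
```

The point to take away is that the interpolating builder's SQL text carries the attacker's statement, while the bound builder's text contains only `$1` and the payload sits inert in params; the allowlist in build_filtered is there because a column name is SQL text that no placeholder can replace.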

Structs

RawExecuteOperation
Raw execute operation for mutations.
RawQueryOperation
Raw query operation for executing typed queries.
SeparatedSql
A helper for building SQL with separators between items.
Sql
A raw SQL query with parameterized values.

Functions

sql
Helper function to create a raw SQL query from a string.
sql_with_params
Helper function to create a raw SQL query from parts.