@serayaeryn/mysql-query

[![Greenkeeper badge](https://badges.greenkeeper.io/SerayaEryn/mysql-query.svg)](https://greenkeeper.io/) [![Build Status](https://travis-ci.org/SerayaEryn/mysql-query.svg?branch=master)](https://travis-ci.org/SerayaEryn/mysql-query) [![Coverage Status](h

Usage no npm install needed!

<script type="module">
  import serayaerynMysqlQuery from 'https://cdn.skypack.dev/@serayaeryn/mysql-query';
</script>

README

mysql-query

Greenkeeper badge Build Status Coverage Status NPM version

This module provides a performant way to escape your mysql queries to protect from SQL injection.

Installation

npm install @serayaeryn/mysql-query

Usage

Define your query string with placeholders starting with a question mark ? (for example ?name) and pass it to the function exported by the @serayaeryn/mysql-query module. It will create a function, that accepts the values for the previously defined placeholders and returns the query the escaped values.
Note: The values need to be passed in the same order as the placeholders are defined in the query.

// on startup
const mysqlQuery = require('@serayaeryn/mysql-query');
const getEscapedQuery = mysqlQuery('SELECT email FROM users WHERE id=?id;');

// on runtime
const escapedQuery = getEscapedQuery('1');

connection.query(escapedQuery);

Benchmark

The benchmark compares to the format(sql, values) function of the sqlstring module.

Usage

Clone the repository and run npm run benchmark.

Results

$ npm run benchmark

@serayaeryn/mysql-query x 5,618,794 ops/sec ±0.40% (89 runs sampled)
sqlstring - format x 1,981,991 ops/sec ±0.23% (92 runs sampled)
Fastest is @serayaeryn/mysql-query

License

MIT