See Query for available methods.
use typed_sql::{Query, Table, ToSql};
#[derive(Table)]
struct User {
id: i64,
name: String
}
let stmt = User::table()
.select()
.filter(|user| user.id.neq(6).and(user.id.gt(3)))
.group_by(|user| user.name)
.order_by(|user| user.name.then(user.id.ascending()))
.limit(5);
assert_eq!(
stmt.to_sql(),
"SELECT * FROM users \
WHERE users.id != 6 AND users.id > 3 \
GROUP BY users.name \
ORDER BY users.name,users.id ASC \
LIMIT 5;"
);Queries with user input strings are vulnerable to SQL injections
and therefore must be serialized with ToSql::to_sql_unchecked.
use typed_sql::{Insertable, Query, Table, ToSql};
#[derive(Table, Insertable)]
struct User {
name: String
}
let stmt = User::table().insert(User { name: String::from("untrusted") });
assert_eq!(
stmt.to_sql_unchecked(),
"INSERT INTO users(name) VALUES ('untrusted');"
);To avoid this use prepared statements with Binding.
use typed_sql::{Binding, Query, Table, ToSql};
#[derive(Binding, Table)]
struct User {
name: String
}
let id_plan = User::prepare("idplan", |binds| {
User::table().update(|user| user.name.eq(binds.name))
});
assert_eq!(
id_plan.to_sql(),
"PREPARE idplan AS UPDATE users SET users.name = $1;"
);
let stmt = id_plan.execute(User { name: String::from("foo") });
assert_eq!(stmt.to_sql(), "EXECUTE idplan('foo');");