Replies: 3 comments 1 reply
-
|
Hello @Blaumaus! Thanks for your interest in this library. As of 1.0.11 version, it's not possible to use prepared statements. I already have an implementation on this, but needs some more testing. I'll be adding them as separate ^ Note: Even though they say that prepared statements are only implemented for selects, there's an issue from 2019 which means the opposite. Maybe we should use prepared statements only for selects. I'm not sure. With ^ Please also see this discussion. |
Beta Was this translation helpful? Give feedback.
-
|
Hey @depyronick. |
Beta Was this translation helpful? Give feedback.
-
|
Hey @Blaumaus Your first post was about adding such feature to "inserts", and I pointed out that parameterized queries are initially implemented to "selects" only by clickhouse, and is subject to consider for implementation. So, yeah, I'll be working on it, it's a good feature. Btw, I think it's a bit odd to call them "competitor". This library is just an alternative written in typescript to preserve types and maintained to keep up to date with clickhouse updates. I had decided to create this library after one of their version update broke our workflow. |
Beta Was this translation helpful? Give feedback.
-
|
Note: Actually not their fault, it was because of clickhouse update but they were not watching for it. |
Beta Was this translation helpful? Give feedback.
-
Hello! I love the library and the simplicity of it.
Is it possible to use prepared statements via this client?
Please correct me if I'm wrong, but as I see, you're currently mapping the provided parameters to insert, which probably may be vulnerable to SQL Injection attacks. The prepared statements insertion should prevent it.
Is it planned to add this feature into the next releases of this library?
Beta Was this translation helpful? Give feedback.
All reactions