https://supabase.com/ logo
Join Discord
Powered by
How can I filter on multiple columns values? Docs ...
# help
c
How can I filter on multiple columns values? Docs don't show that type of example I think? https://supabase.com/docs/reference/javascript/using-filters#applying-filters regular sql
Copy code
FROM cities SELECT * WHERE zipcode = '95555' AND state = 'California'
supabase
Copy code
const { data, error } = await supabase
  .from('cities')
  .filter('zipcode', 'eq', 'category)
n
Hello @cliffordfajardo! This thread has been automatically created from your message in #843999948717555735 a ``few seconds ago``. Pinging @User so that they see this as well! Want to unsubscribe from this thread? Right-click the thread in Discord (or use the ... menu) and select Leave Thread to unsubscribe from future updates. Want to change the title? Use the 
/title
command! We have solved your problem? Click the button below to archive it.
g
See https://supabase.com/docs/reference/javascript/using-filters#chaining Also can use .match for several equal columns.
n
cliffordfajardo (2022-03-12)
g
Filter chaining is the same as 'and'
c
ahh ok thank @User
@User - do you know if there'a a way to pass raw SQL strings to supbase? I know it sounds strange given the supabase docs recommend using their client's . I think it would be nice to do this:
Copy code
supabase.execute(`SELECT * FROM cities WHERE zipcode=${zipcode} AND state = ${}`)
Love supbase auth and the web UI for managing DB, but learning new SQL API abstractions can sometimes feel cumbersome. The pro of SQL is I can take that common query language anywhere & of course be able to debug the query planner more easily
g
Only with rpc call to a postgres function that does your sql. Was part of the early decision on security/performance tradeoff of an api in PostgREST which SB uses.
s
Supabase QL is pretty good at what it does, but I found that there's not a significant amount of really advanced examples out there. I agree that creating an SQL function and calling via RPC is often much easier, and definitely a lot more flexible for certain situations.
c
> Supabase QL is pretty good at what it does, but I found that there's not a significant amount of really advanced examples out there. I agree > I agree that creating an SQL function and calling via RPC is often much easier I'll need to look into this I know that by using the supabase client I get typescript autocompletion among other things since I'm confirming to the supbase client libs API Counterpoint, if on where able to just execute SQL queries, you can easily find very advanced example & use cases across different forums and websites. I believe people literally would still pay for supabase just for the good experience with the auth, dashboard, at least I would At anyrate, I'm going off the rails on something I don't have control of at the moment lol... Thanks folks
s
I'm actually glad it doesn't allow SQL from the client. Creating functions is time consuming, but the safety of it being called via RPC is something I really like. People without experience of SQL would risk not correctly parameterising their queries, and we'd end up with tickets in the repo about good old Bobby Tables (https://xkcd.com/327/) because someone lost their prod database
g
How would you secure client code sql going to the "execute" function? If you are on a server sure, but it would have to be a server only option I would think.
c
fair point, a little abstraction at least in the Javascript world solve this like create a template literal function that would guard against that and you can still pass a raw SQL string 😄
Copy code
# abstraction comes from libaries like this: 
import {sql} from '...supabase'
const result = sql`SELECT * FROM ...`
I've seen several libraries that offer this nice abstraction and guard against the aforementioned problems you all mentioned. There's an entire section listed below addressing the concerns you mentioned here by Slonik's creator. This guy makes tons of DB libraries, he's a cool guy https://github.com/gajus/slonik#protecting-against-unsafe-value-interpolation pgtyped is really nice - https://pgtyped.vercel.app/
g
Could not find real quick on that but is it node only? So server?
c
yes 
slonik
in particular is node only. I think I saw a go lang implementation recently I will circle back and share later on I think he made a library out out of the template literal 
sql
function I shared above which is decoupled from the 
slonik
client Also 
postgres.js
supports the same raw SQL queries, and like the 
slonik
library above, you need to pass your SQL query to the 
sql
template literal function Attached are images from slonik and postgres.js
g
As an aside you have complete data base access connection as postgres user so it is possible any of those work with Supabase, if you deal with linking up auth if needed...
PreviousNext
Powered by