# orm-help
g
Hi guys!!! My first time on Slack.. Hope I don't mess up stuff 😛 I love Prisma but I'm having trouble using queryRaw.. I just want to pass my custom query (built FE) as an input.. Is there a way not to use queryRawUnsafe???? 😭😣 Thank you ❤️
That's the error I get: 😭
{
    "errors": [
        {
            "message": "\nInvalid `prisma.queryRaw()` invocation:\n\n\n  Raw query failed. Code: `42601`. Message: `db error: ERROR: syntax error at or near \"$1\"`",
            "locations": [
                {
                    "line": 2,
                    "column": 3
                }
            ],
            "path": [
                "getCars"
            ],
            "extensions": {
                "code": "INTERNAL_SERVER_ERROR",
                "exception": {
                    "code": "P2010",
                    "clientVersion": "3.13.0",
                    "meta": {
                        "code": "42601",
                        "message": "db error: ERROR: syntax error at or near \"$1\""
                    },
                    "stacktrace": [
                        "Error: ",
                        "Invalid `prisma.queryRaw()` invocation:",
                        "",
                        "",
                        "  Raw query failed. Code: `42601`. Message: `db error: ERROR: syntax error at or near \"$1\"`",
                        "    at Object.request (C:\\Users\\Giorgia.Mazzini\\Documents\\learninggraphql\\smarter01\\BE\\node_modules\\@prisma\\client\\runtime\\index.js:45629:15)",
                        "    at async Proxy._request (C:\\Users\\Giorgia.Mazzini\\Documents\\learninggraphql\\smarter01\\BE\\node_modules\\@prisma\\client\\runtime\\index.js:46456:18)"
                    ]
                }
            }
        }
    ],
    "data": {
        "getCars": null
    }
}
That's my code
getCars: (_parent, { input }, { prisma }) => {
    if(input){

        console.log(input) // --> SELECT * FROM car WHERE car."plate" ILIKE '%123%'  //type String
        const differentInput = '%123%'

        // const result =  prisma.$queryRaw`SELECT * FROM car WHERE car."plate" ILIKE '%123%'` // works
        // const result =  prisma.$queryRaw`SELECT * FROM car WHERE car."plate" ILIKE ${differentInput}` // works
        // const result =  prisma.$queryRawUnsafe(input) // Works

        const result =  prisma.$queryRaw`${input}` // Doesn't work!!!!
        return result

    }
    // ... Other code
  }
j
`prisma.queryRaw` is intended to run using the templated string function. `prisma.queryRawUnsafe` uses a different method of protecting against SQL injection. https://www.prisma.io/docs/concepts/components/prisma-client/raw-database-access#queryraw
If you need them passed in separately, you should be using `prisma.queryRawUnsafe`. Note that despite the name, if you are using it correctly (with `$#`/`?` for your fields, and a matching list of fields), it does protect you from SQL injection.
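
Added example, not part of the thread and not Prisma's own code: a simplified tagged-template function shows why interpolating the whole statement leaves only `$1` as SQL text, and a server-side builder produces the placeholder-plus-values form from a structured filter instead of frontend-built SQL. The names `sqlTag`, `buildCarQuery`, `FILTERABLE`, the `model` column and the filter shape are assumptions made for illustration.

```javascript
// Stand-in for a tagged-template SQL function (hypothetical helper, not
// Prisma's implementation): each ${value} becomes a numbered placeholder
// and is sent to the database separately from the SQL text.
function sqlTag(strings, ...values) {
  const text = strings.reduce((acc, part, i) => acc + '$' + i + part);
  return { text, values };
}

// Constructed allowlist: the only columns a client may filter on.
const FILTERABLE = new Map([
  ['plate', 'car."plate"'],
  ['model', 'car."model"'], // assumed column, for illustration
]);

// Build the statement on the server from a structured filter such as
// { field: 'plate', contains: '123' } rather than accepting SQL text.
function buildCarQuery(filter) {
  const column = FILTERABLE.get(filter.field);
  if (!column) throw new Error('unsupported filter field');
  if (typeof filter.contains !== 'string') {
    throw new Error('contains must be a string');
  }
  // Escape LIKE wildcards so user input only matches literally.
  const literal = filter.contains.replace(/[\\%_]/g, '\\$&');
  return {
    text: `SELECT * FROM car WHERE ${column} ILIKE $1`,
    values: [`%${literal}%`],
  };
}

// Case from the thread: the whole statement is interpolated, so the SQL text
// is only "$1" and PostgreSQL reports a syntax error at "$1" (code 42601).
const frontendSql = `SELECT * FROM car WHERE car."plate" ILIKE '%123%'`;
const whole = sqlTag`${frontendSql}`;
console.log(whole.text, whole.values.length);

// Structured input: fixed SQL text, user data only in the values list.
const safe = buildCarQuery({ field: 'plate', contains: '123' });
console.log(safe.text, safe.values);
```

With Prisma, the built statement would be passed as `prisma.$queryRawUnsafe(safe.text, ...safe.values)`, which is the placeholder-plus-values form the reply describes.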