# orm-help
s
This is more of an opinion-based general programming question than specific to Prisma. Which do you usually do? Do you have the front-end send back a perfectly built-up Prisma object and just pass it to `.create(`, or do you have the back-end build it up? Say, for example, you want to create a user with posts: do you send back, in the body, an object that's Prisma-specific, looking like this...
```js
{
  data: {
    email: 'emma@prisma.io',
    posts: {
      create: [
        {
          title: 'My first post',
          categories: {
            connectOrCreate: [
              {
                create: { name: 'Introductions' },
                where: {
                  name: 'Introductions',
                },
              },
            ],
          },
        },
        {
          title: 'How to make cookies',
          categories: {
            connectOrCreate: [
              {
                create: { name: 'Social' },
                where: {
                  name: 'Social',
                },
              },
            ],
          },
        },
      ],
    },
  },
}
```
And just dump the prebuilt object into...
```js
const { id } = await prisma.user.create({
  data: req.body,
});
```
Or do you send back something less Prisma-specific, like this...
```js
data: {
  email: 'emma@prisma.io',
  posts: [
    {
      title: 'My first post',
      categories: [
        {
          name: 'Introductions',
        },
      ],
    },
    {
      title: 'How to make cookies',
      categories: [
        {
          name: 'Social',
        },
      ],
    },
  ],
},
```
And then build it up before passing it to the `prisma.user.create` method?
r
```js
await prisma.user.create({
  data: req.body,
});
```
That is very dangerous. You always want to validate all data that will go into the DB.
s
Thank you. I plan to validate. On a side note, what would be an example of something that can occur that's very dangerous?
r
```js
await prisma.user.create({
  data: req.body,
});
```
where `req.body` has `req.body.roles = ["admin"]`, for example
I always like to explicitly set the data that goes in and out of the database.
s
Thanks