• Stumblinbear@pawb.social
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    I’m currently using SQLx which you write raw queries in and it validates them against a currently-running db, using the description of the tables to build the typing for the return type instead of relying on the user. It makes it pretty hard to write anything that supports injection

    • hikaru755@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Oh, that sounds really cool! At what time does this validation happen? While you code, or later at build time?

      • Stumblinbear@pawb.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Happens at compile time! It’s relatively quick. You can also run a command to write the query results to file for offline type checking which is mostly useful for CI