Raxol. Query
(Raxol v2.6.0)
View Source
Safe query building utilities for Raxol.
Provides functions for building parameterized queries to prevent SQL injection.
Example
{:ok, result} = Raxol.Query.parameterized(
"SELECT * FROM users WHERE id = ?",
[user_id]
)
Summary
Functions
Execute a parameterized query (stub - requires database adapter).
Build a safe IN clause.
Build a safe LIKE pattern.
Create a parameterized query.
Validate that a value is safe for use in a query.
Types
Functions
@spec execute(query()) :: {:ok, []}
Execute a parameterized query (stub - requires database adapter).
In a real implementation, this would execute against a database.
Build a safe IN clause.
Example
{:ok, clause, params} = Raxol.Query.in_clause([1, 2, 3])
# => {:ok, "$1, $2, $3", [1, 2, 3]}
Build a safe LIKE pattern.
Escapes special characters in the pattern to prevent injection.
Example
pattern = Raxol.Query.like_pattern("user%input")
# => "user\%input%"
@spec parameterized(String.t(), list()) :: {:ok, query()} | {:error, {:param_mismatch, non_neg_integer(), non_neg_integer()}}
Create a parameterized query.
Returns a query structure that safely separates the query template from user-provided values.
Example
{:ok, query} = Raxol.Query.parameterized(
"SELECT * FROM users WHERE id = ? AND active = ?",
[user_id, true]
)
# query => %{sql: "SELECT * FROM users WHERE id = $1 AND active = $2", params: [user_id, true]}
@spec validate_value(any()) :: :ok | {:error, :unsafe}
Validate that a value is safe for use in a query.
Example
:ok = Raxol.Query.validate_value("normal string")
{:error, :unsafe} = Raxol.Query.validate_value("'; DROP TABLE users; --")