While I'm not hugely fond of ORMs (I'd argue that relations and objects don't map neatly to each other, and any ORM is going to be a very leaky abstraction for all but trivial cases), that's not because I love writing SQL. I'm a big fan of query-builder tools; describe your query programatically, and have an API that generates the required SQL as a result. This cuts down on developer error, and also hopefully handles all the weird little dialects that every database has.
For example, did you know Postgres has an @> operator? It's a contains operation, which returns true if an array, range, or JSON dictionary contains your search term. Basically, an advanced "in" operation.
Gretchen's team is using the Knex library, which doesn't have a built-in method for constructing those kinds of queries. But that's fine, because it does offer a whereRaw method, which allows you to supply raw SQL. The nice thing about this is that you can still parameterize your query, and Knex will handle all the fun things, like transforming an array into a string.
Or you could just not use that, and write the code yourself:
exports.buildArrayString = jsArray => {
// postgres has some different array syntax
// [1,2] => '{1,2}'
let arrayString = '{';
for(let i = 0; i < jsArray.length; i++) {
arrayString += jsArray[i];
if(i + 1 < jsArray.length) {
arrayString += ','
}
}
arrayString += '}';
return arrayString;
}
There's the string munging we know and love. This constructs a Postgres array, which is wrapped in curly braces.
Also, little pro-tip for generating comma separated code, and this is just a real tiny optimization: before the loop append item zero, start the loop with item 1, and then you can unconditionally prepend a comma, removing any conditional logic from your loop. That's not a WTF, but I've seen so much otherwise good code make that mistake I figured I'd bring it up.
exports.buildArrayContainsQuery = (key, values) => {
// TODO: do we need to do input safety checks here?
// console.log("buildArrayContainsQuery");
// build the postgres 'contains' query to compare arrays
// ex: to fetch files by the list of tags
//WORKS:
//select * from files where _tags @> '{2}';
//query.whereRaw('_tags @> ?', '{2}')
let returnQueryParams = [];
returnQueryParams.push(`${key} @> ?`);
returnQueryParams.push(exports.buildArrayString(values));
// console.log(returnQueryParams);
return returnQueryParams;
}
And here's where it's used. "do we need input safety checks here?" is never a comment I like to see as a TODO. That said, because we are still using Knex's parameter handling, I'd hope it handles escaping correctly so that the answer to this question is "no". If the answer is "yes" for some reason, I'd stop using this library!
That said, all of this code becomes superfluous, especially when you read the comments in this function. I could just directly run query.whereRaw('_tags @> ?', myArray); I don't need to munge the string myself. I don't need to write a function which returns an array of parameters that I have to split back up to pass to the query I want to call.
Here's the worst part of all of this: these functions exist in a file called sqlUtils.js, which is just a pile of badly re-invented wheels, and the only thing they have in common is that they're vaguely related to database operations.
[Advertisement]
Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.
This post originally appeared on The Daily WTF.