Issue with NOT_TAGGED_CALL

[arcuri82]

Hi,
thanks for developing this library.

I need to execute some dynamically generated SQL commands, like:

const postgres = require("postgres");
connection = postgres(dbURL,...);
connection([x]).then(...

where x is dynamically generated (that's a strong requirement, and there is 0 risk of SQL injection).

However, I am getting:

Error: NOT_TAGGED_CALL: Query not called as a tagged template literal

Considering that in theory tagged templates are just syntactic sugar, I am also trying call it with:

connection([""],x) and connection(["",""],x)

but it gives the same error.

Is there any way to bypass/disable this check? or call it in a way that does not crash?

many thanks

[porsager]

@arcuri82 You should use sql.unsafe() for that 😉

Tagged template literals are not simply syntactic sugar, they allow the consuming function to both cache by a static reference to the tagged template literal, and handle the parameters supplied before moving on. This is the specific thing that makes Postgres.js able to call itself safe from SQL injection, and also the reason for the raw string query function being named unsafe 😋

[arcuri82]

many thanks for the explanation