Document sql.unsafe query fragments (#567)

porsager · Mar 10, 2023 · c9ded40 · c9ded40
1 parent 4f987d5
commit c9ded40
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -528,6 +528,28 @@ If you know what you're doing, you can use `unsafe` to pass any string you'd lik
 ```js
 sql.unsafe('select ' + danger + ' from users where id = ' + dragons)
 ```
+
+You can also nest `sql.unsafe` within a safe `sql` expression.  This is useful if only part of your fraction has unsafe elements.
+
+```js
+const triggerName = 'friend_created'
+const triggerFnName = 'on_friend_created'
+const eventType = 'insert'
+const schema_name = 'app'
+const table_name = 'friends'
+
+await sql`
+  create or replace trigger ${sql(triggerName)}
+  after ${sql.unsafe(eventType)} on ${sql.unsafe(`${schema_name}.${table_name}`)}
+  for each row
+  execute function ${sql(triggerFnName)}()
+`
+
+await sql`
+  create role friend_service with login password ${sql.unsafe(`'${password}'`)}
+`
+```
+
 </details>
 
 ## Transactions