Knex Raw Select Postgresql,带有变量

时间:2019-12-27 17:56:22

标签: postgresql knex.js

我可以在knex查询中使用变量吗? db.raw(select usr_vote.vote where usr_vote.user.id = ${loggedInUserId})有什么问题?其他一切正常。

在现在可以正常工作的db.raw中,我正在尝试使用变量(loggedInUserId)来获取问题的已登录用户的投票历史记录(他们可以赞成/反对赞成,因此该值为-1或1或null)。预先感谢您的帮助!

有4个表格,如下所示:

askify_users

  • id
  • 用户名

askify_questions

  • id
  • 标题
  • 身体
  • 标签
  • 创建日期
  • user_id(FK引用askify_users.id)

askify_answers

  • id
  • answer
  • question_id(FK引用askify_question.id)
  • user_id(FK引用askify_users.id)

askify_question_votes

  • 列表项
  • question_id(FK引用askify_questions.id)
  • user_id(FK引用askify_users.id)
  • 投票(-1或1)
  • 主键(question_id,user_id)

getAllQuestions(db, loggedInUserId) {
    return db
      .from('askify_questions AS q')
      .select(
        'q.id AS question_id',
        'q.title AS question_title',
        'q.body AS question_body',
        'q.date_created AS date_created',
        'q.tags',
        db.raw(
          `count(DISTINCT ans) AS number_of_answers`
        ),
        db.raw(
          `SUM(DISTINCT usr_vote.vote) AS sum_of_votes`
        ),
        db.raw(
          `select usr_vote.vote where usr_vote.user_id = ${loggedInUserId}`
        ),
        db.raw(
          `json_strip_nulls(
            json_build_object(
              'user_id', usr.id,
              'user_name', usr.user_name,
              'full_name', usr.full_name,
              'date_created', usr.date_created
            )
          ) AS "user"`
        )
      )
      .leftJoin(
        'askify_answers AS ans',
        'q.id',
        'ans.question_id'
      )
      .leftJoin(
        'askify_users AS usr',
        'q.user_id',
        'usr.id'
      )
      .leftJoin(
        'askify_question_vote AS usr_vote',
        'q.id',
        'usr_vote.question_id'
      )
      .groupBy('q.id', 'usr.id')
  },

查询应如下所示。除了'user_vote_history'之外的所有东西都在工作。

  serializeQuestion(question) {
    const { user } = question
    return {
      id: question.question_id,
      question_title: xss(question.question_title),
      question_body: xss(question.question_body),
      date_created: new Date(question.date_created),
      number_of_answers: Number(question.number_of_answers) || 0,
      user_vote_history: question.user_vote_history,
      sum_of_votes: Number(question.sum_of_votes),
      tags: xss(question.tags),
      user: {
        user_id: user.user_id,
        user_name: user.user_name,
        full_name: user.full_name,
        user_vote: user.user_vote,
        date_created: new Date(user.date_created)
      },
    }
  },

1 个答案:

答案 0 :(得分:1)

我注意到,@felixmosh在这里对于绑定值是正确的,但仅是为了详细说明:此处的键是在发生字符串替换时。如果您这样做:

db.raw(`SELECT vote WHERE user_id = ${loggedInUserId}`)

一旦JS解释器到达这一行,替换就在JavaScript中进行。数据库引擎与loggedInUserId中的内容无关,Knex也不相关:您实际上是在绕过所有内置保护。

稍微好一点的是:

db.raw("SELECT vote WHERE user_id = ?", loggedInUserId)

这允许Knex对loggedInUserId中的字符串进行转义。如果愿意,可以使用命名绑定:

db.raw("SELECT vote WHERE user_id = :loggedInUserId", { loggedInUserId })

但是,通过使用Knex已经提供的用于子查询的功能,可以很容易地避免所有与绑定相关的问题:只需将子查询放入函数中即可。

db
  .from("askify_questions AS q")
  .select(
    "q.id AS question_id",
    qb => qb.select("usr_vote.vote").where({ user_id: loggedInUserId })
  )
  .leftJoin(
    "askify_question_vote AS usr_vote",
    "q.id",
    "usr_vote.question_id"
  );

qb参数代表“查询生成器”,并由Knex传递给您的函数。它的行为非常类似于您的db对象。

这将生成类似于以下内容的SQL 

SELECT
  "q"."id" AS "question_id",
  (
    SELECT "usr_vote"."user_id" WHERE "user_id" = ?
  ) 
  FROM "askify_questions AS q"
  LEFT JOIN "askify_question_vote" AS "usr_vote"
    ON "q"."id" = "usr_vote"."question_id"
相关问题
最新问题