| Knex can let you write a raw SQL statement, providing the parameters separately and it builds the actual resulting SQL string, ensuring that everything is escaped properly.
knex.raw('select * from users where id = ?', [1])
|
we could build an approach around this, which would allow users to still write something closer to plain SQL (no need to learn a new library?) and still put some safeguards to protect against injection. |