
Fulgen | 12 days ago

This is about raw_sql, which is explicitly documented to not use prepared statements and thus doesn't support query parameters; not about the actual query() API SQLx offers.

> Note: query parameters are not supported.

> Query parameters require the use of prepared statements which this API does support.

> If you require dynamic input data in your SQL, you can use format!() but be very careful doing this with user input. SQLx does not provide escaping or sanitization for inserting dynamic input into queries this way.

> See query() for details.
