yarn add @cd2/es-qu-el
The SQL function will automatically escape any interpolated into the string.
import { SQL } from "@cd2/es-qu-el"
const userInput = `dangerous user input ' OR true; `
const sql = SQL`SELECT * FROM table WHERE thing=${userInput}`A function can be interpolated which will get access to an object with many sanitizers:
const table = `my_table`
const sql = SQL`SELECT * FROM ${as => as.name(table)}`