Sprintf-style postgres query formatting and escape helper functions.
$ npm install pg-escape
var sql = escape('INSERT INTO %I VALUES(%L)', 'books', "O'Reilly");
console.log(sql);
yields:
INSERT INTO books VALUES('O''Reilly')
Format the given arguments.
Format as a simple string.
Format as a dollar quoted string
Format as an identifier.
Format as a literal.
-
%s
formats the argument value as a simple string. A null value is treated as an empty string. -
%Q
formats the argument value as a dollar quoted string. A null value is treated as an empty string. -
%I
treats the argument value as an SQL identifier, double-quoting it if necessary. It is an error for the value to be null. -
%L
quotes the argument value as an SQL literal. A null value is displayed as the string NULL, without quotes. -
%%
In addition to the format specifiers described above, the special sequence %% may be used to output a literal % character.
MIT