Is it possible to bind parameters in the select clause using TypeORM?

I'm currently working on implementing a search feature using the pg_trgm module in my PostgreSQL project built with TypeScript and TypeOrm. My SQL query that works for me looks like this:

SELECT t, similarity(t, 'word') AS sml
  FROM test_trgm
  WHERE t % 'word'
  ORDER BY sml DESC, t;

However, as I began integrating it into my builder, I realized that I am unable to protect the select statement from SQL injection because TypeOrm does not provide a way to bind parameters in any of its select methods (like SelectQueryBuilder::addSelect, SelectQueryBuilder::select).

Below is an example of my vulnerable method:

...
applySearch(builder: SelectQueryBuilder<any>, needle: string) {
    if (needle) {
      builder.addSelect(`similarity(title, ${needle})`);
      builder.andWhere('title % :needle', { needle });
    }
  }
...

If anyone knows of a better way to implement this search functionality within my current technology stack, I would greatly appreciate the advice.

postgresqltypescripttypeorm

Answer №1

My situation required a solution similar to yours, but unfortunately, your approach did not work for me. If you are considering changing the parameter in the select query, you might want to explore setParameter, which is essentially what the second parameter of addWhere accomplishes internally.

https://github.com/typeorm/typeorm/blob/master/docs/select-query-builder.md#using-parameters-to-escape-data

In your specific case, you could have proceeded with:

applySearch(builder: SelectQueryBuilder<any>, needle: string) {
    if (needle) {
      builder.addSelect(`similarity(title, :title)`);
      builder.andWhere('title % :needle', { needle });
      builder.setParameter('title', needle);
    }
  }

Answer №2

The resolution for this matter was to utilize the same binding key in both the where and select statements as shown below.

applySearch(builder: SelectQueryBuilder<any>, needle: string) {
    if (needle) {
      builder.addSelect(`similarity(title, :needle)`);
      builder.andWhere('title % :needle', { needle });
    }
  }

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Creating TypeScript models from a JSON response in React components

My Angular 2 application retrieves a JSON string, and I am looking to map its values to a model. According to my understanding, a TypeScript model file is used to assist in mapping an HTTP Get response to an object - in this case, a class named 'Custo ...

javascriptangularjsjsontypescriptangular

What is the best way to transfer image files into a specific folder?

I am currently in the process of developing a ReactJS web application. My goal is to upload images to a specific folder and then store the file name in the database for future use. Everything seems to be working smoothly up to this point, but I am facing ...

reactjstypescriptasp.net-core

Can one mimic a TypeScript decorator?

Assuming I have a method decorator like this: class Service { @LogCall() doSomething() { return 1 + 1; } } Is there a way to simulate mocking the @LogCall decorator in unit tests, either by preventing it from being applied or by a ...

angularunit-testingtypescriptmockingdecorator

MUI Autocomplete refuses to accept a value

In my Autocomplete feature, I have a list of all users available. When a user clicks on a button from another site, they are redirected to this site and the user's ID is fetched. I want the user with the corresponding ID to be automatically selected, ...

reactjstypescriptmaterial-ui

Tips for integrating an arrow function as a property in a functional programming approach using JavaScript or TypeScript

Suppose I were to create a constructor for a functional class with TypeA as an argument, and TypeB representing the type of the class itself. In such cases, I can implement it using: functionName(argument: TypeA): TypeB { this.property = argument; ...

javascripttypescriptfunctional-programming

What is the best way to incorporate vertical scrolling into a React material table?

I'm having trouble getting vertical scroll to work with my material table in React Typescript. Horizontal scroll is functioning properly for large data, but I'm stuck on implementing the vertical scroll. Here's my code: {isLoading ? ...

reactjstypescriptmaterial-uimaterial-table

VueJS - When using common functions, the reference to "this" may be undefined

I'm struggling to extract a function that can be used across various components. The issue is that when I try to use "this", it is coming up as undefined. I'm not sure of the best practice for handling this situation and how to properly assign th ...

javascripttypescriptvue.jsecmascript-6

Testing TypeScript functionality within the Eclipse environment with unit tests

Is there a method to test TypeScript code on the Eclipse platform? I'm searching for something similar to JUnit, but most of the tools I've come across are geared towards Visual Studio. ...

eclipsetypescript

The parameter of type "Construct" cannot be assigned the argument of type "undefined"

I attempted to use code example from the AWS CDK documentation, but it did not function as I had anticipated. Using CDK version 2.62.2 with Typescript. In various parts of the code, a declaration error occurs stating that The argument of type "undefi ...

typescriptamazon-web-servicesamazon-ec2amazon-ecsaws-cdk

Leveraging TypeScript to share information between directives in AngularJS through asynchronous calls

Although I've found some scattered information on how to tackle this issue, I haven't been able to find a solid solution. In my AngularJS application, I have an asynchronous call that fetches data from a server and I need to store it in a variab ...

javascriptangularjsasynchronoustypescriptangular-promise

Avoiding type errors in d3 v5 axis by using Typescript

I am new to TypeScript and I have some code that is functioning perfectly. I believe if I define a type somewhere, d3's generics will come into play? Within my code, I have an xAxis and a yAxis. Both are the same, but D3 seems to have an issue with t ...

javascripttypescriptd3.js

Generic type array does not display property

I feel like I must be overlooking something. It seems too straightforward to be causing issues for me. Database.ts export class Database { id: number; } search-input.ts import { Database } from './../resources/database'; import { Inje ...

angulartypescript

The column in the knex SQL query must either be included in the GROUP BY clause or used within an aggregate function

Currently, I am utilizing postgres and knex in NodeJS to aggregate session_ids by hours within a specified date range. The format of my start_timestamp is 2016-12-12 14:53:17.243-05. The objective is to group all records by the hour like so: The hour 14: ...

node.jspostgresqlknex.js

Can the ngx-chips library be used to alter the language of chips?

Currently, I am working with the ngx-chips library and encountering a particular issue. Here is an image representation of the problem: The challenge I am facing involves updating the language of the chips based on the selection made in a dropdown menu. A ...

javascriptangulartypescriptngx-chips

looking to showcase the highest 'levelNumber' of elements within an array

arr1 = [ { "levelNumber": "2", "name": "abc", }, { "levelNumber": "3", "name": "abc" }, { "levelNumber": "3", "name": &quo ...

javascriptnode.jsarraystypescriptreduce

SequelizeEagerLoadingError: There is no association between the model and the otherModel

I've come across this issue several times on various forums but haven't been able to resolve it yet. My setup involves Express and PostgreSQL with Sequelize ORM. The problem lies in the one-to-one relationship between two models: Campus and Acad ...

node.jspostgresqlexpresssequelize.js

Using TypeScript to automatically deduce the output type of a function by analyzing the recursive input type

I am currently working on developing an ORM for a graph database using TypeScript. Specifically, I am focusing on enhancing the "find" method to retrieve a list of a specific entity. The goal is to allow the function to accept a structure detailing the joi ...

typescriptconditional-typesrecursive-type

What is the best way to customize a React component using TypeScript?

Let's say I have a functional component like this: function MyComp({a, b, c, d, e, f}: any) { ... } Is there a way to create a specialized version of this component where I provide values for "a" and "b," but allow other users to choose the r ...

reactjstypescript

Exploring TypeScript's type checking functionality

I've been pondering about the concept of type guards in TypeScript, particularly regarding their necessity when only one type is defined in a method signature. Most examples in the TypeScript documentation focus on scenarios involving union types, lik ...

angulartypescript

Angular Material's <mat-select> tag allows for the inclusion of an <input> element within it

I am attempting to place an input element inside the mat-select tag of the Angular Material element. However, I am facing an issue where I cannot input any text into the input field inside the select element. Below is the code I am using to search for elem ...

htmlangulartypescriptbootstrap-4angular-material