

JavaScript library for building SQL query strings - areski
http://hiddentao.github.io/squel/

======
bradleyland
This strikes me as the understatement of the year:

> NOTE: It is recommended that you do NOT create queries browser-side to run
> on the server as this massively increases your exposure to SQL Injection
> attacks.

It should be more than recommended against. If you accept SQL built on the
client, you should have your keyboard taken away and replaced with one of
those little plastic xylophones they give to three-year-olds.

~~~
joshguthrie
Which strikes me: why even make the library usable client-side?

~~~
daGrevis
One may create an alternative to Adminer (SQL admin in browser) that constructs
queries somehow graphically on the client side. If that is the case, any SQL from
the client is trusted.

People should NOT try to stop others from doing stupid things, only warn.
After all, we all are responsible adults and we are not idiots.
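
The risk discussed in this subthread, as an added example that is not part of the thread or of squel: instead of accepting SQL text built in the browser, the server accepts a structured query description, checks every identifier against an allowlist, and passes values only as bound parameters. The schema, the request shape and the PostgreSQL-style `$n` placeholders are assumptions made for illustration.

```javascript
// Added example (not from the thread or from squel).
// Table names, column names and the request shape are hypothetical.
const SCHEMA = {                       // allowlist of what clients may read
  students: ['id', 'name', 'grade'],
  courses: ['id', 'title'],
};
const OPERATORS = new Set(['=', '<', '>', '<=', '>=', '<>']);

// Turn an untrusted query description into { text, values } for a
// parameterized driver call. Identifiers are emitted only if they match
// SCHEMA exactly; values never appear in the SQL text.
function buildSelect(spec) {
  if (spec === null || typeof spec !== 'object') throw new Error('bad spec');
  const known = typeof spec.table === 'string' &&
    Object.prototype.hasOwnProperty.call(SCHEMA, spec.table); // rejects "__proto__" etc.
  if (!known) throw new Error('unknown table');
  const columns = SCHEMA[spec.table];

  const fields = Array.isArray(spec.fields) && spec.fields.length
    ? spec.fields : columns;
  for (const f of fields) {
    if (!columns.includes(f)) throw new Error('unknown field');
  }

  const values = [];
  const clauses = [];
  for (const w of Array.isArray(spec.where) ? spec.where : []) {
    if (!w || !columns.includes(w.field)) throw new Error('unknown filter field');
    if (!OPERATORS.has(w.op)) throw new Error('unknown operator');
    if (!['string', 'number'].includes(typeof w.value)) throw new Error('bad value');
    values.push(w.value);                           // bound, never concatenated
    clauses.push(`${w.field} ${w.op} $${values.length}`);
  }

  let text = `SELECT ${fields.join(', ')} FROM ${spec.table}`;
  if (clauses.length) text += ` WHERE ${clauses.join(' AND ')}`;
  return { text, values };
}

// Constructed sample request: the hostile string stays a parameter value.
const sample = buildSelect({
  table: 'students',
  fields: ['name', 'grade'],
  where: [{ field: 'grade', op: '>=', value: "9' OR '1'='1" }],
});
console.log(sample.text, sample.values);
```

The returned `text` and `values` are meant to be handed to a driver's parameterized query call; authorization for the requested table and rows is a separate check this sketch does not cover.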

------
franzwong
Is it really less effort?

I can simply write "SELECT a,b,c from table" instead of
s.select().from('table').field('a').field('b').field('c').

