I don't think it's abuse, but rather a very appropriate use of ES6 template string functions. I think the point is that you can do:

> const kid = sq.from`person`.where`age < ${kids_age}`

and it will be safe from SQL injection, because `where` is probably defined something like:

    function where(strings, ...interpolations) {
      var result = "";
      for (var i = 0; i < interpolations.length; i++) {
        result += strings[i] + this.sql_quote(interpolations[i]);
      }
      result += strings[interpolations.length];
      return this.add_to_query(result);
    }

EDIT: I agree with your EDIT.
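
The following is an added example, not part of the comment above and not sqorn's code. It swaps the comment's guessed `sql_quote` step for bound parameters: the tag keeps the template's static text apart from the interpolated values and rejects calls that are not tagged templates. The names `sql`, `render`, and `fragments` and the `$1` placeholder style are assumptions made for the illustration.

```javascript
// Added example, not sqorn's code. Fragments are branded in a WeakSet so that
// an object parsed from request JSON cannot pose as trusted SQL.
const fragments = new WeakSet();

function sql(strings, ...values) {
  // A genuine tag call passes a frozen array with a .raw property. Refuse
  // sql("age < " + input), which would place user data in the SQL text.
  if (!Array.isArray(strings) || !Array.isArray(strings.raw) || !Object.isFrozen(strings)) {
    throw new TypeError("sql must be used as a template tag: sql`...`");
  }
  const parts = [strings[0]]; // static SQL text, written by the developer
  const args = [];            // interpolated values, bound separately
  values.forEach((value, i) => {
    if (fragments.has(value)) {
      // Nested fragment: splice its text and carry its bound values along.
      parts[parts.length - 1] += value.parts[0];
      value.args.forEach((arg, j) => {
        args.push(arg);
        parts.push(value.parts[j + 1]);
      });
    } else {
      args.push(value);
      parts.push("");
    }
    parts[parts.length - 1] += strings[i + 1];
  });
  const fragment = Object.freeze({ parts, args });
  fragments.add(fragment);
  return fragment;
}

// Number the placeholders only at the end ($1, $2, ... as PostgreSQL expects).
function render(fragment) {
  let text = fragment.parts[0];
  fragment.args.forEach((_, i) => { text += "$" + (i + 1) + fragment.parts[i + 1]; });
  return { text, args: fragment.args };
}

// Constructed sample input: a value that tries to extend the WHERE clause.
const kidsAge = "13 OR 1=1";
const query = render(sql`SELECT * FROM person WHERE ${sql`age < ${kidsAge}`}`);
console.log(query.text);
console.log(query.args);
```

The template-tag check catches accidental string concatenation by a caller; it is not a barrier against code that deliberately forges a frozen array with a `raw` property.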
