This is a shared transcript of a chat session with the prisma/prisma repo.

Hi! I am an expert on the prisma/prisma repository.

Ask me anything! Need help prompting? Check out our prompt guide!

How would I go about adding the ability to make custom raw SQL queries in prisma?

To add the ability to make custom raw SQL queries in Prisma, you can utilize the $queryRaw and $queryRawUnsafe methods provided by Prisma Client. These methods allow you to execute raw SQL queries directly on your database, offering flexibility for cases where the Prisma Client's auto-generated methods might not suffice.

Using $queryRaw

The $queryRaw method is used for executing prepared statements. It is safer than $queryRawUnsafe because it allows you to parameterize your queries, thus mitigating the risk of SQL injection attacks. Here's how you can use it:

```typescript
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
// Example of using $queryRaw with template strings
const userId = 1;
const user = await prisma.$queryRaw`SELECT * FROM User WHERE id = ${userId}`;
```

Using $queryRawUnsafe

The $queryRawUnsafe method allows you to execute raw SQL directly. It's called "unsafe" because it does not automatically parameterize inputs, making it susceptible to SQL injection if not used carefully. Use this method when you need to execute complex queries that cannot be parameterized as easily, but always be sure to sanitize your inputs:

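```typescript
// Example of using $queryRawUnsafe (assumes `prisma` is a PrismaClient instance)
// Placeholder syntax depends on the database: `?` for MySQL, `$1` for PostgreSQL
const userEmail = 'user@example.com';
const user = await prisma.$queryRawUnsafe('SELECT * FROM User WHERE email = ?', userEmail);
```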

Defining Custom Raw SQL Queries

If you have specific, frequently used raw SQL queries, you might consider abstracting them into helper functions or extending the Prisma Client with custom methods for ease of use and maintainability.

  1. Abstracting into Helper Functions:

    You can create helper functions that encapsulate your raw SQL queries, making them reusable and easier to manage:

    ```typescript
    async function findUserByEmail(email: string) {
      return await prisma.$queryRaw`SELECT * FROM User WHERE email = ${email}`;
    }
    ```

  2. Extending Prisma Client:

    While Prisma Client does not directly support adding custom methods to the generated client, you can wrap the Prisma Client instance in your own class or module and add custom methods that execute raw SQL queries:

    ```typescript
    import { PrismaClient } from '@prisma/client';

    // Wrapper class that exposes custom raw-SQL helpers on top of Prisma Client
    class MyPrismaClient {
      constructor(private prisma: PrismaClient) {}

      async findUserByEmail(email: string) {
        return this.prisma.$queryRaw`SELECT * FROM User WHERE email = ${email}`;
      }
    }

    const myPrisma = new MyPrismaClient(new PrismaClient());
    ```

Important Considerations

  • Always be cautious with raw SQL to avoid SQL injection vulnerabilities, especially with $queryRawUnsafe.
  • Use parameterized queries with $queryRaw whenever possible for better security.
  • Consider abstracting complex queries into helper functions or extending the Prisma Client for better code organization and reusability.

By following these guidelines, you can effectively add the ability to make custom raw SQL queries in Prisma, leveraging the full power of SQL while maintaining the benefits of using Prisma Client.
