1 |
HugSQL is a Clojure library for embracing SQL. |
2 |
right tool for the job |
3 |
HugSQL defaults to using the clojure.java.jdbc library to run underlying database commands. If you would prefer to use another underlying database library instead of clojure.java.jdbc, such as clojure.jdbc, please see HugSQL Adapters. |
4 |
The Princess Bride |
5 |
The Princess Bride |
6 |
The Princess Bride |
7 |
It's worth noting that a snippet returns an sqlvec. This small detail gives you a great deal of flexibility in providing snippets to your HugSQL queries. Why? Because you don't necessarily need to create your own snippet DSL: you could use another library for this. It is the best of both worlds! This exercise is left to the reader. |
8 |
Please note that as of clojure.java.jdbc 0.5.8 and HugSQL 0.4.7, the above additional options are now required to be a hashmap instead of keyword arguments as in previous versions. In clojure.java.jdbc 0.5.8 the deprecated usage will emit a warning. In clojure.java.jdbc 0.6.0 the usage is deprecated and not allowed. See the clojure.java.jdbc changelog for details. |
9 |
The use of a tuple in the above manner is not supported by all databases. PostgreSQL, MySQL, and H2 support it. Derby, HSQLDB, and SQLite do not support it. |
10 |
The use of a tuple list in the above manner is not supported by all databases. PostgreSQL, MySQL, H2, Derby, and SQLite support it. HSQLDB does not support it. |
11 |
BATCH INSERTS: Tuple List Parameter support covers only the SQL INSERT...VALUES (...),(...),(...) syntax. This is appropriate for small-ish multi-record inserts, but it is different from large batch support. The underlying JDBC driver for your database limits the size of the SQL statement and the number of allowed bind parameters. If you are doing large batch inserts, you should map or doseq over your HugSQL-generated insert function within a transaction. |
12 |
If you are taking identifiers from user input, you should use the :quoting option to properly quote and escape identifiers to prevent SQL injection! |
13 |
You should take special care to always properly validate any incoming user input before using Raw SQL Parameters to prevent an SQL injection security issue. |
14 |
using SQL |
15 |
embraces |
16 |
--Curtis Summers (Feb 2016) |
17 |
think in SQL |
18 |
If you are taking identifiers from user input, you should use the :quoting option to prevent SQL injection! See Identifier Parameters for details. |
19 |
Raw SQL (Keyword) Parameters are exactly what they seem, and it is your responsibility to sanitize any usage of this parameter type when using user input. |
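
As an added example (not code from the HugSQL documentation), one way to validate user input before it reaches a Raw SQL Parameter, as the notes above require, is an allow-list that only ever emits known-good text. The "characters" table columns, the function names and the :sql:order-by parameter name mentioned in the comments are assumptions made for this illustration.

```clojure
(ns example.raw-sql-guard
  (:require [clojure.string :as str]))

;; Constructed allow-lists for a hypothetical "characters" table.
(def sortable-columns #{"id" "name" "specialty" "created_at"})
(def sort-directions #{"asc" "desc"})

(defn- normalize
  "Trim and lower-case untrusted input; non-strings become nil."
  [v]
  (when (string? v)
    (str/lower-case (str/trim v))))

(defn order-by-fragment
  "Return ORDER BY text built only from allow-listed values.
  Throws ex-info on anything else, so user text is never concatenated into SQL."
  [{:keys [column direction]}]
  (let [col (normalize column)
        ;; A missing direction defaults to asc; a malformed one is rejected.
        dir (if (nil? direction) "asc" (normalize direction))]
    (when-not (contains? sortable-columns col)
      (throw (ex-info "sort column not allowed" {:column column})))
    (when-not (contains? sort-directions dir)
      (throw (ex-info "sort direction not allowed" {:direction direction})))
    (str col " " dir)))

(defn try-fragment
  "Helper for the demo: returns the fragment, or the rejection data."
  [input]
  (try
    {:ok (order-by-fragment input)}
    (catch clojure.lang.ExceptionInfo e
      {:rejected (ex-data e)})))

;; Constructed sample requests: one well-formed, two that must be rejected.
(doseq [input [{:column "Name" :direction "DESC"}
               {:column "name; --" :direction "asc"}
               {:column "id" :direction "asc, (select 1)"}]]
  (println input "->" (try-fragment input)))

;; The accepted string is what would be passed as the value of a Raw SQL
;; parameter (assumed here to be named :sql:order-by in the .sql file).
;; A user-supplied table or column name used as an Identifier Parameter
;; should still be quoted through the :quoting option.
```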