#Are Prisma queries parameterized to prevent SQL injections?

7 messages · Page 1 of 1 (latest)

sinful umbra

I was just reading about parameterized queries today and I was wondering does Prisma use parameterized queries under the hood to prevent SQL injections?

I tried searching the docs for info about this, but could only find info about writing raw queries that are parameterized (which is not what I am trying to do)

orchid pond (BOT)

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

blazing prairie

Yes. If you turn logging on you can see the queries; it takes a touch more effort to see the parameter values, but it's doable.

orchid pond (BOT)
blazing prairie
const { PrismaClient } = require('@prisma/client');

const { config } = require('../../config');

// `log` comes from the environment config so the same module works in dev and prod.
const db = new PrismaClient({ log: config.prisma.log }); // .$extends(withOptimize());

// Prisma only emits 'query' events when the log config includes the 'query'
// level with emit: 'event', so this handler is a no-op everywhere else and
// does not need to be disabled per environment.
db.$on('query', (e) => {
  /* eslint-disable no-console */
  // e.query is the SQL sent to the database (with $1/$2 or ? placeholders);
  // e.params is a JSON-encoded array string of the values bound to them.
  console.log(`Params: ${e.params}`);
  /* eslint-enable no-console */
});

module.exports = {
  db,
};

This is my local env config

const devConfig = require('./development');

module.exports = {
    ...devConfig,
    prisma: {
        log: [
            // A bare 'query' string is shorthand for emit: 'stdout', which prints the
            // query but does not fire db.$on('query'); the event form is needed for that.
            { emit: 'event', level: 'query' },
            'info',
            'warn',
            'error',
        ]
    }
};
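To make the "see the parameter values" part concrete, here is an added example that is not from the thread above and not Prisma's own code. It models the event object Prisma hands to a `$on('query')` handler (per Prisma's documented query event: `query` is the SQL text, `params` is a JSON-encoded array string of bound values) and classifies each event as parameterized or injected by checking whether request-derived strings show up inside the SQL text or only among the bound values. Both events below are constructed by hand so it runs without a database; the helper names (`classifyQuery`, `parseParams`, `countPlaceholders`, `onQuery`) and the `target` string are assumptions for illustration.

```javascript
// Added example (not from the original thread or from Prisma): inspects the
// event objects Prisma passes to `$on('query')` when the 'query' log level is
// configured with `{ emit: 'event' }`. Event shape follows Prisma's documented
// query event: `query` is the SQL text, `params` is a JSON-encoded array of
// the bound values. Both events are constructed here; no database is needed.

const SUSPECT_INPUT = "' OR 1=1 --"; // constructed attacker-style input

// Constructed: what a client query such as
// prisma.user.findFirst({ where: { email: SUSPECT_INPUT } }) logs on
// PostgreSQL. The value is bound as $1 and never spliced into the SQL text.
const safeEvent = {
  timestamp: new Date('2024-01-01T00:00:00Z'),
  query: 'SELECT "public"."User"."id", "public"."User"."email" FROM "public"."User" WHERE "public"."User"."email" = $1 LIMIT $2 OFFSET $3',
  params: JSON.stringify([SUSPECT_INPUT, 1, 0]),
  duration: 1,
  target: 'quaint::connector::metrics', // assumed target label
};

// Constructed: what a hand-concatenated $queryRawUnsafe(...) call would log.
// The input is part of the SQL text and the bound-values array is empty.
const unsafeEvent = {
  timestamp: new Date('2024-01-01T00:00:00Z'),
  query: `SELECT "id", "email" FROM "User" WHERE "email" = '${SUSPECT_INPUT}'`,
  params: '[]',
  duration: 1,
  target: 'quaint::connector::metrics', // assumed target label
};

// Parse the params string. Prisma emits a JSON array; anything else is
// treated as "no bound values" so a malformed event cannot crash the logger.
function parseParams(event) {
  try {
    const parsed = JSON.parse(event.params);
    return Array.isArray(parsed) ? parsed : [];
  } catch {
    return [];
  }
}

// Count positional placeholders in the SQL text: $n on PostgreSQL, ? on
// MySQL/SQLite. A '?' inside a string literal would also be counted.
function countPlaceholders(sql) {
  const dollar = (sql.match(/\$\d+/g) || []).length;
  const question = (sql.match(/\?/g) || []).length;
  return dollar + question;
}

// Classify one query event against strings that came from the request.
// 'parameterized': every such string appears only among the bound values.
// 'injected': a request string appears verbatim inside the SQL text.
function classifyQuery(event, userInputs) {
  const params = parseParams(event);
  const leaked = userInputs.filter((s) => event.query.includes(s));
  const bound = userInputs.filter((s) => params.includes(s));
  const placeholders = countPlaceholders(event.query);
  if (leaked.length > 0) return { status: 'injected', leaked, placeholders };
  return { status: 'parameterized', bound, placeholders };
}

// Handler in the shape used with db.$on('query', ...). It is a plain function
// so it can be exercised against the constructed events; in an app it would
// be registered on the PrismaClient instance and pull userInputs from the
// current request context.
function onQuery(event, userInputs = []) {
  const result = classifyQuery(event, userInputs);
  const tag = result.status === 'injected' ? 'INJECTION SUSPECTED' : 'ok';
  console.log(`[${tag}] ${event.query}`);
  console.log(`  params: ${event.params} (${result.placeholders} placeholders)`);
  return result;
}

if (typeof require !== 'undefined' && require.main === module) {
  onQuery(safeEvent, [SUSPECT_INPUT]);
  onQuery(unsafeEvent, [SUSPECT_INPUT]);
}
```

The substring check is deliberately simple: very short request strings (a single letter, a digit) will match ordinary SQL text and produce false positives, so in practice only feed it values long enough to be distinctive, or restrict it to inputs that carry quote or comment characters. The useful signal is the pair of facts the handler prints for every query: placeholders in the SQL text and the request values sitting in `params`, which is exactly what parameterization looks like from the database's side.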