Fork me on GitHub

Hello guys, is there a way how to pass function params in a safe way in prepared statements? I am using Korma with exec-raw to execute this query

(str "UPDATE " (ComponentTypes component-name)
       " SET tags = tags || ['?']::jsonb WHERE id = ?"))
Then I am calling it with (exec-raw [(get-tag-update-query component-name) [tag id]])) and I am getting The column index is out of range :2, so it basically doesn't recognize the first parameter. It doesn't work even if I remove single quotes. Thanks for help


I'm surprised it doesn't work when you remove the ' but the brackets may be escaping it.


Korma does all sorts of "magic" so I'd recommend trying that update with raw java.jdbc and see if it works.


@seancorfield sure but I would expect Korma to just pass the query to JDBC without any magic when calling exec-raw. But I am gonna try that, thanks


It'll certainly be easier to debug pure java.jdbc 😈 I can help you there, but not with Korma.


What DB are you using? I've never seen SQL like that...


PostgreSQL, it has json(b) type to allow work with JSON (so you can achieve same things like with Mongo but you don't lose relations, transactions, etc)


this query just adds an elements into JSON array which is stored in JSONB column