zzstoatzz.io
+8
-23
README.md
+8
-23
README.md
···
5
5
```zig
6
6
const Q = zql.Query("SELECT id, name FROM users WHERE id = :id");
7
7
8
-
// named params -> prepared statement
9
8
db.query(Q.positional, Q.bind(.{ .id = user_id }));
10
9
11
-
// type-safe row mapping
12
10
const user = Q.fromRow(User, row);
13
11
```
14
12
15
-
## why
16
-
17
-
sql injection is prevented by construction. the sql string is comptime - you can't concatenate runtime values into it. parameters are bound separately via prepared statements.
13
+
## what it does
18
14
19
-
```zig
20
-
// this doesn't compile - user_input isn't comptime
21
-
const Q = zql.Query("SELECT * FROM users WHERE id = '" ++ user_input ++ "'");
22
-
```
23
-
24
-
## features
25
-
26
-
| feature | what it does |
27
-
|---------|--------------|
28
-
| `Q.positional` | sql with `:name` converted to `?` |
29
-
| `Q.bind(.{...})` | struct args → tuple in param order |
30
-
| `Q.columns` | column names extracted from SELECT |
31
-
| `Q.fromRow(T, row)` | map row to struct with comptime validation |
15
+
| | |
16
+
|-|-|
17
+
| `Q.positional` | `:name` → `?` |
18
+
| `Q.bind(.{...})` | struct → tuple in param order |
19
+
| `Q.columns` | column names from SELECT |
20
+
| `Q.fromRow(T, row)` | row → struct |
32
21
33
22
## install
34
23
···
36
25
// build.zig.zon
37
26
.zql = .{
38
27
.url = "https://github.com/zzstoatzz/zql/archive/main.tar.gz",
39
-
.hash = "...", // zig build will tell you
28
+
.hash = "...",
40
29
},
41
30
42
31
// build.zig
43
32
exe.root_module.addImport("zql", b.dependency("zql", .{}).module("zql"));
44
33
```
45
-
46
-
## status
47
-
48
-
alpha. api may change.