[DOCS/BUG]: RLS recommends sql.raw for JWT token but breaks if the token contains an apostrophe #4335

Closed as duplicate
@Tigatok

Enhancement hasn't been filed before.

  • I have verified this enhancement I'm about to request hasn't been suggested before.

Describe the enhancement you want to request

On this page: https://orm.drizzle.team/docs/rls we have an example of using queries with RLS. These queries recommend using:

    await tx.execute(sql`
      -- auth.jwt()
      select set_config('request.jwt.claims', '${sql.raw(
        JSON.stringify(token)
      )}', TRUE);
    `);

I recently had a user sign into my app, whose session token contained a name value with an apostrophe, ex. Ty'ler Marshall.
The sql(raw) spits out raw SQL, but doesn't escape the "'" properly. I was able to avoid this by using:

    await tx.execute(
      sql`SELECT set_config('request.jwt.claims', ${JSON.stringify(jwtClaim)}::text, TRUE)`
    );

But I'm not 100% sure that is equal in functionality. I'm not sure if this is a bug or just a doc enhancement, but afaik this is not just a "my app" thing.
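
The difference between the two forms in this issue, as an added example that is not code from the issue or from Drizzle: `sql` and `raw` below are simplified stand-ins that only model "splice text into the statement" versus "send the value as a bound parameter", and the `sub` claim is a constructed sample value.

```javascript
// Simplified stand-ins (assumption): NOT Drizzle's implementation.
// raw() marks text to be spliced verbatim; any other interpolated value
// becomes a bound parameter ($1, $2, ...) sent apart from the statement.
class Raw {
  constructor(text) { this.text = text; }
}
const raw = (text) => new Raw(text);

function sql(strings, ...values) {
  const params = [];
  let text = strings[0];
  values.forEach((value, i) => {
    if (value instanceof Raw) {
      text += value.text;              // no escaping: data becomes SQL text
    } else {
      params.push(value);              // data stays data
      text += `$${params.length}`;
    }
    text += strings[i + 1];
  });
  return { text, params };
}

// Heuristic check: after dropping doubled ('') escapes, an odd number of
// single quotes means data opened or closed a string literal.
function hasBalancedQuotes(text) {
  const quotes = text.replace(/''/g, "").match(/'/g) || [];
  return quotes.length % 2 === 0;
}

// Constructed sample claims; the name is the one reported in the issue.
const sampleClaims = { sub: "user-123", name: "Ty'ler Marshall" };

// Form from the docs: the JSON is spliced inside a quoted SQL literal.
const rawForm = (claims) =>
  sql`select set_config('request.jwt.claims', '${raw(JSON.stringify(claims))}', TRUE)`;

// Form from the issue's workaround: the JSON travels as parameter $1.
const boundForm = (claims) =>
  sql`select set_config('request.jwt.claims', ${JSON.stringify(claims)}::text, TRUE)`;

console.log(rawForm(sampleClaims).text, hasBalancedQuotes(rawForm(sampleClaims).text));
console.log(boundForm(sampleClaims).text, boundForm(sampleClaims).params);
```

In the bound form the statement text never contains claim data, so the value reaching `set_config` is the exact JSON string whatever characters the claims hold.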
