Open
Description
Enhancement hasn't been filed before.
- I have verified this enhancement I'm about to request hasn't been suggested before.
Describe the enhancement you want to request
On this page: https://orm.drizzle.team/docs/rls we have an example of using queries with RLS. These queries recommend using:
```ts
await tx.execute(sql`
  -- auth.jwt()
  select set_config('request.jwt.claims', '${sql.raw(
    JSON.stringify(token)
  )}', TRUE);
`);
```
I recently had a user sign into my app, whose session token contained a name value with an apostrophe, ex. `Ty'ler Marshall`.
The `sql(raw)` spits out raw SQL, but doesn't escape the "'" properly. I was able to avoid this by using:
```ts
await tx.execute(
  sql`SELECT set_config('request.jwt.claims', ${JSON.stringify(jwtClaim)}::text, TRUE)`
);
```
But I'm not 100% sure that is equal in functionality. I'm not sure if this is a bug or just a doc enhancement, but afaik this is not just a "my app" thing.
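The difference between the two query styles above, as an added example that is not part of the original issue and is not drizzle-orm's code. `sql`, `raw`, `readLiteral` and `claimsSeenByServer` are hypothetical stand-ins, the tokens are constructed samples, and the literal reader assumes PostgreSQL's default `standard_conforming_strings = on`.

```javascript
// Stand-in SQL tag (hypothetical): raw() fragments are pasted into the
// statement text, every other value becomes a numbered bind parameter.
const raw = (text) => ({ raw: text });
function sql(strings, ...values) {
  const params = [];
  let text = strings[0];
  values.forEach((v, i) => {
    if (v && typeof v === "object" && "raw" in v) text += v.raw;
    else { params.push(v); text += "$" + params.length; }
    text += strings[i + 1];
  });
  return { text, params };
}

// Read a single-quoted literal the way the server does:
// '' is an escaped quote, a lone ' terminates the literal.
function readLiteral(text, start) {
  let value = "";
  for (let i = start + 1; i < text.length; i++) {
    if (text[i] !== "'") { value += text[i]; continue; }
    if (text[i + 1] === "'") { value += "'"; i++; continue; }
    return { value, rest: text.slice(i + 1) };
  }
  return { value, rest: null }; // literal never closed
}

// What set_config() would receive as its second argument for each style.
function claimsSeenByServer(token, style) {
  const json = JSON.stringify(token);
  if (style === "bound") {
    const q = sql`select set_config('request.jwt.claims', ${json}::text, TRUE)`;
    return { ok: true, value: q.params[0], text: q.text };
  }
  const q = sql`select set_config('request.jwt.claims', '${raw(json)}', TRUE)`;
  const start = q.text.indexOf("'", q.text.indexOf(",")); // quote opening arg 2
  const lit = readLiteral(q.text, start);
  // Well-formed only if nothing but ", TRUE)" follows the literal.
  return { ok: lit.rest === ", TRUE)", value: lit.value, text: q.text };
}

// Constructed sample tokens.
const plain = { sub: "user-1", name: "Tyler Marshall" };
const quoted = { sub: "user-2", name: "Ty'ler Marshall" };
for (const [label, token] of [["plain", plain], ["quoted", quoted]])
  for (const style of ["raw", "bound"]) {
    const r = claimsSeenByServer(token, style);
    console.log(label, style, r.ok ? "ok" : "malformed", JSON.stringify(r.value));
  }
```

In this model a token without an apostrophe reaches `set_config` as the same string in both styles; with an apostrophe, only the bound form delivers the full JSON.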