Replies: 1 comment 2 replies
-
Well, you cant query UUID by a non-UUID - you can query it by a string UUID, just not with any random string. I don't understand what more would you expect from the ORM. I don't think ignoring user-provided queries, even if they are invalid, would be a good idea. Quite unexpected to me, and could lead to potential security issues (e.g. you add a query to limit the results, its malformed because user provides some invalid value to it - you don't want to ignore that, your query needs to fail instead of returning some random results. Note that you can create your own custom type that will validate the value before it gets passed down to any query. The only difference would be having the error message under control instead of relying on those returned by the database. |
Beta Was this translation helpful? Give feedback.
-
Using PostgreSQL (at least, I'm not sure for others), uuid types cannot be queried using non uuid formats.
Otherwise, you get a
invalid input syntax for type uuid: "my-awesome-string"
.To prevent that, we've to check is the string is a uuid.
For example, in a
OR
statement.2 votes ·
Beta Was this translation helpful? Give feedback.
All reactions