Comments (2)
I'll think about it, but since I'm thinking now about unifying input and output fields into one universal one anyway, it's losing its point a bit, so I'll defer the decision here.
PS: consider using GraphQL variables instead of putting your values like this into the query string. It's a perfect opportunity for having SQL injection in your API server.
```graphql
mutation MyMutatiion($userId: ID!) {
  user(id: $userId) {
    patch(input: { organisation_role: "role" }) {
      organisation_role
    }
  }
}
```
from typegql.
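An added example, not part of either comment or of typegql: it contrasts splicing a value into the GraphQL document with sending it as a variable, the practice suggested in the comment above. The helper names, the `$role` variable and the crafted id are assumptions constructed for illustration, and the tokenizer is a simplification rather than a full GraphQL lexer.

```javascript
// Risky: the values are spliced into the GraphQL document text itself.
function buildInline(userId, role) {
  return `mutation { user(id: "${userId}") { patch(input: { organisation_role: "${role}" }) { organisation_role } } }`;
}

// Preferred: the document is a constant; values travel separately as JSON.
const PATCH_ROLE = `mutation PatchRole($userId: ID!, $role: String!) {
  user(id: $userId) { patch(input: { organisation_role: $role }) { organisation_role } }
}`;
function buildWithVariables(userId, role) {
  return { query: PATCH_ROLE, variables: { userId, role } };
}

// Simplified tokenizer: keeps names and brackets found outside "..." string
// literals, so two documents with the same shape give the same result.
// Block strings (""") and comments are not handled.
function structure(doc) {
  const re = /"(?:\\.|[^"\\])*"|[A-Za-z_][A-Za-z0-9_]*|[{}()]/g;
  const tokens = [];
  for (const m of doc.matchAll(re)) {
    if (!m[0].startsWith('"')) tokens.push(m[0]);
  }
  return tokens.join(" ");
}

// True when swapping the benign id for the crafted one alters the document shape.
function changesDocument(toDocument, benignId, craftedId) {
  return structure(toDocument(benignId)) !== structure(toDocument(craftedId));
}

// Constructed sample input: closes the string literal and adds an aliased field.
const BENIGN_ID = "42";
const CRAFTED_ID = '42") { id } other: user(id: "43';

const inlineDoc = (id) => buildInline(id, "admin");
const variableDoc = (id) => buildWithVariables(id, "admin").query;

console.log("inline document changed:   ", changesDocument(inlineDoc, BENIGN_ID, CRAFTED_ID));
console.log("variable document changed: ", changesDocument(variableDoc, BENIGN_ID, CRAFTED_ID));
// With variables the crafted text stays an opaque ID value in the JSON body.
console.log(JSON.stringify(buildWithVariables(CRAFTED_ID, "admin").variables));
```

What the resolver then does with the ID value is a separate question: the variable only guarantees that the value cannot reshape the GraphQL document.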
Sounds good 👍 I'll keep this open because if you decide not to unify, it would be good to at least do this one.
Regarding the mutation variables, I am not sure what that has to do with SQL injection. You get SQL injection when you pass raw strings to an SQL query. I never do that in my apps.
Also from the server side these should be equivalent.
The graphql spec says:
> A GraphQL query can be parameterized with variables, maximizing query reuse, and avoiding costly string building in clients at runtime.
I have it defined as ID in the schema, so using a parametrized query doesn't help me at all. It only makes usage of that query easier on the client.
Even if you passed an SQL command there, it would be escaped, because on the BE I call http://vincit.github.io/objection.js/#findbyid