Update README

This commit is contained in:
Timothy Warren 2016-02-01 18:55:53 -05:00
parent 11f869b327
commit c4006da1cb

View File

@ -22,7 +22,7 @@ A node query builder for various SQL databases, based on [CodeIgniter](http://ww
[![NPM](https://nodei.co/npm/ci-node-query.png?downloads=true&downloadRank=true)](https://nodei.co/npm/ci-node-query/) [![NPM](https://nodei.co/npm/ci-node-query.png?downloads=true&downloadRank=true)](https://nodei.co/npm/ci-node-query/)
### Basic use ### Basic use
```javascript
var nodeQuery = require('ci-node-query'); var nodeQuery = require('ci-node-query');
var connection = ... // Database module connection var connection = ... // Database module connection
@ -62,6 +62,7 @@ A node query builder for various SQL databases, based on [CodeIgniter](http://ww
queryPromise.then(function(res) { queryPromise.then(function(res) {
// Handle query results // Handle query results
}); });
```
### Security notes ### Security notes
As of version 2, `where` and `having` type methods parse the values passed to look for function calls. While values passed are still passed as query parameters, take care to avoid passing these kinds of methods unfiltered input. SQL function arguments are not currently parsed, so they need to be properly escaped for the current database. As of version 2, `where` and `having` type methods parse the values passed to look for function calls. While values passed are still passed as query parameters, take care to avoid passing these kinds of methods unfiltered input. SQL function arguments are not currently parsed, so they need to be properly escaped for the current database.