SQL Identifier Parameters
Identifier Parameters are replaced at runtime with an optionally-quoted SQL identifier.
Identifier Parameters' type is :identifier, or :i for short.
SQL
--:name identifier-param :? :*
select * from :i:table-name
Clojure
(identifier-param-sqlvec {:table-name "example"})
;=> ["select * from example"]
As of HugSQL 0.4.6, Identifier Parameters support SQL aliases:
Clojure
(identifier-param-sqlvec {:table-name ["example" "my_example"]})
;=> ["select * from example as my_example"]
By default, identifiers are not quoted. You can specify your desired quoting as an option when defining your functions or as an option when calling your function.
danger
If you are taking identifiers from user input, you should use the :quoting option to properly quote and escape identifiers to prevent SQL injection!
Valid :quoting options provided to hugsql.core/def-db-fns (and friends) are:
:ansidouble-quotes:"identifier":mysqlbackticks:`identifier`:mssqlsquare brackets:[identifier]:offno quoting (default)
Identifiers containing a period/dot . are split, quoted separately, and then rejoined. This supports myschema.mytable conventions.
Clojure
(hugsql.core/def-db-fns "path/to/good.sql" {:quoting :ansi})
(identifier-param-sqlvec {:table-name "example"})
;=> ["select * from \"example\""]
(identifier-param-sqlvec {:table-name "schema1.example"} {:quoting :mssql})
;=> ["select * from [schema1].[example]"]