ducky/query
Query execution and result handling.
Values
pub fn query(
  conn: connection.Connection,
  sql: String,
) -> Result(types.DataFrame, error.Error)
Executes a SQL query and returns structured results.
The query runs on a dirty scheduler to avoid blocking the BEAM. Large result sets are streamed to prevent memory exhaustion.
Examples
query(conn, "SELECT id, name FROM users WHERE active = true")
// => Ok(DataFrame(columns: ["id", "name"], rows: [...]))
pub fn query_params(
  conn: connection.Connection,
  sql: String,
  params: List(types.Value),
) -> Result(types.DataFrame, error.Error)
Executes a parameterized SQL query with bound parameters to prevent SQL injection.
Examples
query_params(conn, "SELECT * FROM users WHERE id = ? AND age > ?", [
  types.Integer(42),
  types.Integer(18),
])
// => Ok(DataFrame(...))
Security
Always use this function when including user input in queries:
// UNSAFE - SQL injection risk
query(conn, "SELECT * FROM users WHERE name = '" <> user_input <> "'")
// SAFE - user input is passed as a bound parameter, never spliced into the SQL text
query_params(conn, "SELECT * FROM users WHERE name = ?", [types.Text(user_input)])
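Bound parameters cover values only; a column name, such as a user-chosen sort order, cannot be passed as `?`. The following is an added example, not part of ducky's own documentation, that builds a query with optional filters where every value is bound and the sort column comes from an allowlist. The function names `find_users` and `sort_column`, the import paths `ducky/connection`, `ducky/error` and `ducky/types`, and the `age` and `active` columns on `users` are assumptions.

```gleam
import ducky/connection
import ducky/error
import ducky/query
import ducky/types
import gleam/list
import gleam/option.{type Option, None, Some}

// Hypothetical helper: map a user-supplied sort key to a fixed column name.
// Identifiers cannot be bound as parameters, so only these literals
// ever reach the SQL text; anything unrecognised falls back to "id".
fn sort_column(key: String) -> String {
  case key {
    "name" -> "name"
    "age" -> "age"
    _ -> "id"
  }
}

// Hypothetical search function over the `users` table used in the examples.
pub fn find_users(
  conn: connection.Connection,
  name: Option(String),
  min_age: Option(Int),
  sort_key: String,
) -> Result(types.DataFrame, error.Error) {
  // Each optional filter adds a constant SQL fragment and one bound value.
  let #(name_sql, name_params) = case name {
    Some(n) -> #(" AND name = ?", [types.Text(n)])
    None -> #("", [])
  }
  let #(age_sql, age_params) = case min_age {
    Some(a) -> #(" AND age > ?", [types.Integer(a)])
    None -> #("", [])
  }

  // The SQL text is assembled from constants and the allowlisted column only.
  let sql =
    "SELECT id, name FROM users WHERE active = true"
    <> name_sql
    <> age_sql
    <> " ORDER BY "
    <> sort_column(sort_key)

  // Parameter order must match placeholder order: name first, then age.
  query.query_params(conn, sql, list.append(name_params, age_params))
}
```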