Inline SQL
Also available in Open VSX Registry
Highlight and lint inline SQL strings.
Supported languages are Python, Go, JavaScript, TypeScript, Ruby, Java, C#, Rust, PHP, Lua.
Syntax highlighting works for strings starting with --sql
or any of
the SELECT
, INSERT
, INTO
, DELETE
, UPDATE
, CREATE TABLE
.
Also works with ES6 Template Strings:
const query = sql`
select * from book;
`;
Linting and diagnostics powered entirely by awesome
joereynolds/sql-lint and works for
multiline strings that start with either `--sql
(backtick followed by --sql
),
"--sql
or """--sql
.
Contributors
Safety
The proper way to sanitize data for insertion into your database is to
use placeholders for all variables to be inserted into your SQL strings.
In other words, NEVER do this (Python example):
query = f"INSERT INTO foo (bar, baz) VALUES ( {variable1}, {variable2} )";
Instead, use $
placeholders (or ?
in some databases):
query = "INSERT INTO foo (bar, baz) VALUES ( $1, $2 )";
And then pass the variables to be replaced when you execute the query.
For example with pgx (Go example):
err = conn.QueryRow(
context.Background(),
"select name, weight from widgets where id=$1",
42,
).Scan(&name, &weight)
Integration with real database
Integration with real database is available and controlled through VSCode options:
{
"inlineSQL.enableDBIntegration": true,
"inlineSQL.dbDriver": "postgres",
"inlineSQL.dbHost": "localhost",
"inlineSQL.dbPort": 5432,
"inlineSQL.dbUser": "postgres",
"inlineSQL.dbPassword": "postgres"
}
Examples
Python
JavaScript/TypeScript
Go
Python |
JavaScript/TypeScript |
|
|
Ruby |
Java |
|
|
Limitations
Semantic highlighting
Highlighting does not work with semantic token highlighting enabled (feature provided by some LSP servers).
Currently gopls semantic token highlighting (option gopls.ui.semanticTokens
- off by default)
overrides extension's syntax.
gopls
{
"gopls.ui.semanticTokens": false
}
rust-analyzer
{
"rust-analyzer.highlighting.strings": false
}
C#
{
"csharp.semanticHighlighting.enabled": false
}
Motivation
This small extension is meant to help those who don't use ORM and don't like SQL builders
like squirrel,
but still want inline sql in their code to be something more than magic strings,
helping to avoid small bugs and typos almost instantly.