Sometimes you need to write SQL directly to do things that a query builder can't express easily.
Raw queries when needed in Express
const result = await db.raw('YOUR SQL QUERY HERE', [optionalParams]);
Use db.raw() to run raw SQL queries in Express with a database library like Knex.
You can pass parameters safely to avoid SQL injection by using placeholders and an array of values.
const users = await db.raw('SELECT * FROM users WHERE age > ?', [18]);
const count = await db.raw('SELECT COUNT(*) FROM orders');
const result = await db.raw('UPDATE products SET price = price * 1.1 WHERE category = ?', ['books']);
This Express app uses a raw SQL query to get users aged 18 or older from an in-memory SQLite database and returns them as JSON.
import express from 'express';
import knex from 'knex';

const app = express();
const db = knex({
  client: 'sqlite3',
  connection: { filename: ':memory:' },
  useNullAsDefault: true
});

// Setup a simple table and data
await db.schema.createTable('users', table => {
  table.increments('id');
  table.string('name');
  table.integer('age');
});

await db('users').insert([
  { name: 'Alice', age: 25 },
  { name: 'Bob', age: 17 },
  { name: 'Charlie', age: 30 }
]);

app.get('/adults', async (req, res) => {
  const adultsResult = await db.raw('SELECT name, age FROM users WHERE age >= ?', [18]);
  const adults = adultsResult.rows || adultsResult; // Adjust for different DB clients
  res.json(adults);
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
Always use parameter placeholders (?) and pass values as an array to avoid SQL injection risks.
Raw queries bypass some safety and convenience features, so use them only when necessary.
Check your database library's documentation for exact syntax and return formats of raw queries.
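The examples above bind fixed values; the placeholder rule matters most when the values come from the request. The following is an added example, not code from the original page: it turns Express query-string input into the SQL text and bindings array for db.raw(), binding values through ? and choosing the sort column and direction from allowlists, because a ? placeholder can only stand in for a value. The function names, the query parameters (minAge, name, sort, dir, limit) and their limits are assumptions made for illustration.

```javascript
// Added example: turn untrusted Express query-string input into the
// (sql, bindings) pair that db.raw() expects. Names are hypothetical.

// Column names and sort direction cannot be bound with `?`, so they are
// chosen from fixed allowlists instead of being copied from the request.
const SORT_COLUMNS = new Map([['name', 'name'], ['age', 'age']]);
const SORT_DIRECTIONS = new Map([['asc', 'ASC'], ['desc', 'DESC']]);

function parseIntStrict(value, label, min, max) {
  // Express may give a string, an array (?a=1&a=2) or an object (?a[x]=1).
  if (typeof value !== 'string' || !/^\d{1,6}$/.test(value)) {
    throw new RangeError(`${label} must be a whole number`);
  }
  const n = Number(value);
  if (n < min || n > max) {
    throw new RangeError(`${label} must be between ${min} and ${max}`);
  }
  return n;
}

function buildUserSearch(query) {
  const minAge = parseIntStrict(query.minAge ?? '18', 'minAge', 0, 150);
  const limit = parseIntStrict(query.limit ?? '20', 'limit', 1, 100);

  const column = SORT_COLUMNS.get(String(query.sort ?? 'name'));
  const direction = SORT_DIRECTIONS.get(String(query.dir ?? 'asc').toLowerCase());
  if (!column || !direction) {
    throw new RangeError('unsupported sort option');
  }

  const bindings = [minAge];
  let sql = 'SELECT name, age FROM users WHERE age >= ?';

  // Optional name-prefix filter: the user's text travels only as a binding.
  if (typeof query.name === 'string' && query.name !== '') {
    sql += ' AND name LIKE ?';
    bindings.push(`${query.name}%`);
  }

  sql += ` ORDER BY ${column} ${direction} LIMIT ?`;
  bindings.push(limit);
  return { sql, bindings };
}
```

In a route handler, call buildUserSearch(req.query) inside a try/catch, answer a RangeError with status 400, and pass the returned sql and bindings to db.raw().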
Raw queries let you write direct SQL commands when needed.
Use placeholders and parameters to keep queries safe.
Good for special cases where normal query builders can't help.