From 7ea911b4dfa00bb04fabf1242a822343a9175622 Mon Sep 17 00:00:00 2001
From: Kevin Walker <kevin@smartive.ch>
Date: Tue, 22 Oct 2024 15:39:27 +0200
Subject: [PATCH] Revert "fix: pass query_ids as parameter to prevent SQL
 injection (#16)"

This reverts commit cd1f4549451b6c2054d90c24d9459681590def9d.
---
 src/cache-tags.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/cache-tags.ts b/src/cache-tags.ts
index 407c09c..5af6bd9 100644
--- a/src/cache-tags.ts
+++ b/src/cache-tags.ts
@@ -62,10 +62,8 @@ export const queriesReferencingCacheTags = async (cacheTags: CacheTag[]): Promis
   if (!cacheTags?.length) {
     return [];
   }
-  const placeholders = cacheTags.map(() => '?').join(', ');
   const { rows }: { rows: { query_id: string }[] } = await sql.query(
-    `SELECT DISTINCT query_id FROM query_cache_tags WHERE cache_tag IN (${placeholders})`,
-    cacheTags,
+    `SELECT DISTINCT query_id FROM query_cache_tags WHERE cache_tag IN (${cacheTags.map((cacheTag) => `'${cacheTag}'`).join(', ')})`,
   );
 
   return rows.map((row) => row.query_id);