In our project, we have methods that take a WHERE condition as string literal parameter.
Using SQL injection directly, this really work because the partial query isn't proper SQL and fails syntax checks and age and name don't resolve to proper columns.
students.where("age > 10 AND name LIKE 'Doe%'");
I would like to create a plugin/language injection extension that provides the context within which the SQL is evaluated.
I would imagine something like:
prefix = "SELECT * FROM " + determineTable() + " WHERE";
postfix = ""
Are there any hooks I can use to facilitate this functionality?