Task: Add bound parameters to sqlgen
This page documents a task in the sqlgen improvements story. It captures the goal, current status, acceptance, and any notes or results.
Goal
Add native bound-parameter support to sqlgen so we can stop using libpq escapes for SQL-injection safety.
Status
| Field | Value |
|---|---|
| State | BLOCKED |
| Parent story | sqlgen improvements |
| Now | BLOCKED on upstream sqlgen support. |
| Waiting on | getml/sqlgen#119 to merge. |
| Next | Pick up once upstream lands the feature. |
| Last touched | 2026-02-06 |
Acceptance
- Bound parameters supported across sqlgen sessions and connections.
- Existing libpq escape sites migrated.
Plan
Captured during execution; cleared into the parent story on close.
Notes
BLOCKED on upstream sqlgen feature: getml/sqlgen#119. Once it ships we can finally retire the libpq escapes.
Result
Not landed; waiting on upstream.