fix(postgres-emitter): use parameterized query to send the NOTIFY command

Related: - https://github.com/socketio/socket.io-postgres-emitter/issues/1 - https://github.com/socketio/socket.io-postgres-adapter/pull/1
2026-01-09 15:08:12 -05:00 · 2025-09-05 07:07:57 +02:00
parent c7144920e3
commit 32257b6cb8
1 changed files with 8 additions and 6 deletions
--- a/packages/socket.io-postgres-emitter/lib/index.ts
+++ b/packages/socket.io-postgres-emitter/lib/index.ts
@@ -380,9 +380,10 @@ export class BroadcastOperator<
        document.type,
        this.emitter.channel,
      );
-      await this.emitter.pool.query(
-        `NOTIFY "${this.emitter.channel}", '${payload}'`,
-      );
+      await this.emitter.pool.query("SELECT pg_notify($1, $2)", [
+        this.emitter.channel,
+        payload,
+      ]);
    } catch (err) {
      // @ts-ignore
      this.emit("error", err);
@@ -407,9 +408,10 @@ export class BroadcastOperator<
      type: document.type,
      attachmentId,
    });
-    this.emitter.pool.query(
-      `NOTIFY "${this.emitter.channel}", '${headerPayload}'`,
-    );
+    await this.emitter.pool.query("SELECT pg_notify($1, $2)", [
+      this.emitter.channel,
+      headerPayload,
+    ]);
  }

  /**