PostgreSQL statement prep issue

I am currently migrating from Retool DB to my own PSQL db. All has been going fine up to the point of changing the Resources for the queries in my app from Retool db to my PSQL db.

The following clause now throws an error from my PSQL server:
image
image

The prepared statement shows:
image

And the "View SQL statement as string" toggle then shows:
image

If I take the full SQL statement and run it directly on my PSQL server, it executes fine. When I have a look in the error log on the PSQL server, I see it is trying to execute with the token instead of the date.

Is this a bug or am I doing something wrong? Any alternate ideas? I've tried switching to BETWEEN and >=, <= and get the same issue. This has worked perfectly via Retool DB for some time.

Thanks!!

Found the "Disable converting queries to prepared statements" toggle on the resource! This was the solution.

Do note what happens when you use that, especially for public-facing apps, modules and stuff. I'd suggest ensuring some sort of input cleaning is done after the UI/Retool sends the request and before anything is actually executed by the DB... either by using an API or PostgreSQL functions and triggers.

1 Like
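
The input cleaning suggested in the reply above, as an added example that is not from the original thread: an API-layer function that accepts only strict YYYY-MM-DD bounds and binds them as parameters instead of building SQL text. The `orders` table, `created_at` column and function names are hypothetical, and an in-memory SQLite database stands in for PostgreSQL so it runs offline (with psycopg the placeholder is `%s` rather than `?`).

```python
import re
import sqlite3
from datetime import date

# Hypothetical table/column names; the thread's real query was only shown as screenshots.
RANGE_SQL = "SELECT id FROM orders WHERE created_at >= ? AND created_at <= ? ORDER BY id"
ISO_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def parse_iso_date(raw):
    """Accept only a strict YYYY-MM-DD calendar date; anything else raises ValueError."""
    if not isinstance(raw, str) or not ISO_DATE.fullmatch(raw):
        raise ValueError("date must be exactly YYYY-MM-DD")
    return date.fromisoformat(raw)  # also rejects impossible dates such as 2024-02-30


def orders_between(conn, raw_start, raw_end):
    """Validate both bounds, then bind them as parameters (never interpolate)."""
    start, end = parse_iso_date(raw_start), parse_iso_date(raw_end)
    if start > end:
        raise ValueError("start date is after end date")
    rows = conn.execute(RANGE_SQL, (start.isoformat(), end.isoformat()))
    return [r[0] for r in rows]


def demo_connection():
    """In-memory SQLite stand-in for the PostgreSQL database, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, created_at TEXT)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [(1, "2024-01-05"), (2, "2024-02-10"), (3, "2024-03-15")],
    )
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(orders_between(conn, "2024-01-01", "2024-02-28"))
    try:
        # Constructed hostile input: a date with SQL text appended.
        orders_between(conn, "2024-01-01' OR '1'='1", "2024-02-28")
    except ValueError as exc:
        print("rejected:", exc)
```
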

Good call and appreciate the anti-injection consideration! Thankfully nothing here is public facing but a good warning!

1 Like