Using SQL directly is a good way to use some of the more interesting parts of SQL that Ecto does not provide a ready abstraction for in its DSL. Parameterization is necessary to avoid SQL injection, and just to be able to deal with single quotes correctly. It's fairly straightforward once you find the right module (Ecto.Adapters.SQL) and function (query!). Parameters are indicated by

    sql = """
    select * from users where name = $1;
    """

    results = Ecto.Adapters.SQL.query!(MyApp.Repo, sql, ["chris"])
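To make the injection and single-quote point concrete, here is an added example (not code from the original post) that puts an interpolated query beside the parameterized form and turns the result into maps. The MyApp.UserLookup module, the id and age columns, and the use of the PostgreSQL adapter are assumptions for illustration.

```elixir
defmodule MyApp.UserLookup do
  # Added example. MyApp.Repo, the users table and its id/name/age columns
  # are assumptions; the $1 placeholder style is the PostgreSQL one.
  alias Ecto.Adapters.SQL

  # Unsafe "before": the value is spliced into the SQL text itself, so a name
  # such as O'Brien closes the string literal early and whatever follows the
  # quote is parsed as SQL. Kept here only for comparison.
  def by_name_interpolated(name) do
    SQL.query!(MyApp.Repo, "select * from users where name = '#{name}';", [])
  end

  # Parameterized: the SQL text is a constant and the values travel
  # separately, bound to $1 and $2 by their position in the list.
  def by_name_and_min_age(name, min_age) do
    sql = """
    select id, name, age from users
    where name = $1 and age >= $2;
    """

    MyApp.Repo
    |> SQL.query!(sql, [name, min_age])
    |> rows_to_maps()
  end

  # query! returns column names and rows separately; zip them into one map
  # per row so callers can read fields by name.
  defp rows_to_maps(%{columns: columns, rows: rows}) do
    Enum.map(rows, fn row -> columns |> Enum.zip(row) |> Map.new() end)
  end
end

# Usage, with a name containing a single quote:
# MyApp.UserLookup.by_name_and_min_age("O'Brien", 18)
```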
There is also a stream function on the Ecto.Adapters.SQL module with the same signature as query but the documentation doesn’t necessarily state the advantages or situations where it may be useful. More to learn.