Noob Ecto Questions about fragment/1


I am trying to better understand how Ecto.Query.API.fragment/1 works under the hood. I was wondering if anyone could help me with the following:

  1. Why is the parity 1 when in examples like below, it looks like the parity is 2:
from p in Post,
  where: is_nil(p.published_at) and
         fragment("lower(?)", p.title) == ^title
  1. When I look for the implementation of this function in the source code, it says the function is for documentation purposes only. How can I learn how the function is implemented?
  1. Do fragments prevent sql injections? If so, is it similar to how a prepared statement works? The syntax looks similar.

Thank you.

Fragment is part of the Ecto DSL which is implemented with macros. This is why the “function” (it’s not a function call) can actually take in any amount of arguments. The documentation generator requires a specified arity (not parity), so 1 is used there (not sure why they’re documented as functions and not macros though).

The meat of fragments is implemented in – but as it’s macro stuff, it’s pretty difficult to read for a first timer.

Fragments indeed don’t use string interpolation if you add the inputs as parameters to the call like in the examples, so it prevents injection AFAIK.