Overview Defining a Model Instances Creating Nodes and Relationships Merging Nodes and Relationships Updating Nodes and Relationships Deleting Nodes Deleting Relationships Finding Nodes and Relationships Hooks Temporary Databases
The QueryBuilder class supports all Neo4j clauses. They are used when adding parameters to the QueryBuilder instance (i.e. by calling the parameter methods), in order to generate the intended statement.
Each of them is an attribute of the QueryBuilderParameters type. A union of them is the QueryBuilderParameters['ParameterI'] type.
The final statement will consist of all the given clauses, in the order they are given.
example:
1linkconst queryBuilder = new QueryBuilder()
2link .match({
3link identifier: 'n',
4link label: 'MyLabel',
5link where: {
6link status: 'active'
7link }
8link })
9link .orderBy({
10link identifier: 'n',
11link property: 'age',
12link direction: 'DESC'
13link })
14link .return('a');
15link
16linkconsole.log(queryBuilder.getStatement()); // MATCH (n:A { status: $status }) ORDER BY n.age DESC RETURN n
17linkconsole.log(queryBuilder.getBindParam().get()); // { status: 'active' }
In case the intended statement cannot be added by using the supported clauses, a raw string can be included in the parameters.
Security Warning: The
raw()method inserts strings directly into Cypher queries without any sanitization or parameterization. Never pass user-provided input to this method, as it can lead to Cypher injection attacks. Only use with trusted, hardcoded strings.
1link// SAFE: Using hardcoded string
2linkconst queryBuilder = new QueryBuilder().raw('MATCH (a:A) RETURN a');
3link
4linkconsole.log(queryBuilder.getStatement()); // MATCH (a:A) RETURN a
5linkconsole.log(queryBuilder.getBindParam().get()); // { }
1link// UNSAFE: Never do this!
2link// const userInput = req.body.query;
3link// new QueryBuilder().raw(userInput).run(); // VULNERABLE TO INJECTION