Query API
Querying is how you find records that match certain conditions, for example:
- Find all comments that belong to a certain post
- Find all verified comments made by John
- Count all verified comments made by John or Lucy published under posts made in the last two weeks
Because queries are executed on the database, and not in JavaScript, they're really fast. It's also how Watermelon can be fast even at large scales, because even with tens of thousands of records total, you rarely need to load more than a few dozen records at app launch.
Defining Queries
@children
The simplest query is made using @children
. This defines a Query
for all comments that belong to a Post
:
class Post extends Model {
// ...
@children('comments') comments
}
➡️ Learn more: Defining Models
Extended Query
To narrow down a Query
(add extra conditions to an existing Query), use .extend()
:
import { Q } from '@nozbe/watermelondb'
import { children, lazy } from '@nozbe/watermelondb/decorators'
class Post extends Model {
// ...
@children('comments') comments
@lazy verifiedComments = this.comments.extend(
Q.where('is_verified', true)
)
@lazy verifiedAwesomeComments = this.verifiedComments.extend(
Q.where('is_awesome', true)
)
}
Note: Use @lazy
when extending or defining new Queries for performance
Custom Queries
You can query any table like so:
import { Q } from '@nozbe/watermelondb'
const users = await database.get('users').query(
// conditions that a user must match:
Q.on('comments', 'post_id', somePostId)
).fetch()
This fetches all users that made a comment under a post with id = somePostId
.
You can define custom queries on a Model like so:
class Post extends Model {
// ...
@lazy commenters = this.collections.get('users').query(
Q.on('comments', 'post_id', this.id)
)
}
Executing Queries
Most of the time, you execute Queries by connecting them to React Components like so:
withObservables(['post'], ({ post }) => ({
post,
comments: post.comments,
verifiedCommentCount: post.verifiedComments.observeCount(),
}))
➡️ Learn more: Connecting to Components
Fetch
To simply get the current list or current count (without observing future changes), use fetch
/ fetchCount
.
const comments = await post.comments.fetch()
const verifiedCommentCount = await post.verifiedComments.fetchCount()
// Shortcut syntax:
const comments = await post.comments
const verifiedCommentCount = await post.verifiedComments.count
Query conditions
import { Q } from '@nozbe/watermelondb'
// ...
database.get('comments').query(
Q.where('is_verified', true)
)
This will query all comments that are verified (all comments with one condition: the is_verified
column of a comment must be true
).
When making conditions, you refer to column names of a table (i.e. is_verified
, not isVerified
). This is because queries are executed directly on the underlying database.
The second argument is the value we want to query for. Note that the passed argument must be the same type as the column (string
, number
, or boolean
; null
is allowed only if the column is marked as isOptional: true
in the schema).
Empty query
const allComments = await database.get('comments').query().fetch()
A Query with no conditions will find all records in the collection.
Note: Don't do this unless necessary. It's generally more efficient to only query the exact records you need.
Multiple conditions
database.get('comments').query(
Q.where('is_verified', true),
Q.where('is_awesome', true)
)
This queries all comments that are both verified and awesome.
Conditions with other operators
Query | JavaScript equivalent |
---|---|
Q.where('is_verified', true) | is_verified === true (shortcut syntax) |
Q.where('is_verified', Q.eq(true)) | is_verified === true |
Q.where('archived_at', Q.notEq(null)) | archived_at !== null |
Q.where('likes', Q.gt(0)) | likes > 0 |
Q.where('likes', Q.weakGt(0)) | likes > 0 (slightly different semantics — see "null behavior" for details) |
Q.where('likes', Q.gte(100)) | likes >= 100 |
Q.where('dislikes', Q.lt(100)) | dislikes < 100 |
Q.where('dislikes', Q.lte(100)) | dislikes <= 100 |
Q.where('likes', Q.between(10, 100)) | likes >= 10 && likes <= 100 |
Q.where('status', Q.oneOf(['published', 'draft'])) | ['published', 'draft'].includes(status) |
Q.where('status', Q.notIn(['archived', 'deleted'])) | status !== 'archived' && status !== 'deleted' |
Q.where('status', Q.like('%bl_sh%')) | /.*bl.sh.*/i (See note below!) |
Q.where('status', Q.notLike('%bl_sh%')) | /^((!?.*bl.sh.*).)*$/i (Inverse regex match) (See note below!) |
Q.where('status', Q.includes('promoted')) | status.includes('promoted') |
LIKE / NOT LIKE
You can use Q.like
for search-related tasks. For example, to find all users whose username start with "jas" (case-insensitive) you can write
usersCollection.query(
Q.where("username", Q.like(`${Q.sanitizeLikeString("jas")}%`)
)
where "jas"
can be changed dynamically with user input.
Note that the behavior of Q.like
is not exact and can differ somewhat between implementations (SQLite vs LokiJS). For instance, while the comparison is case-insensitive, SQLite cannot by default compare non-ASCII characters case-insensitively (unless you install ICU extension). Use Q.like
for user input search, but not for tasks that require a precise matching behavior.
Note: It's NOT SAFE to use Q.like
and Q.notLike
with user input directly, because special characters like %
or _
are not escaped. Always sanitize user input like so:
Q.like(`%${Q.sanitizeLikeString(userInput)}%`)
Q.notLike(`%${Q.sanitizeLikeString(userInput)}%`)
AND/OR nesting
You can nest multiple conditions using Q.and
and Q.or
:
database.get('comments').query(
Q.where('archived_at', Q.notEq(null)),
Q.or(
Q.where('is_verified', true),
Q.and(
Q.where('likes', Q.gt(10)),
Q.where('dislikes', Q.lt(5))
)
)
)
This is equivalent to archivedAt !== null && (isVerified || (likes > 10 && dislikes < 5))
.
Conditions on related tables ("JOIN queries")
For example: query all comments under posts published by John:
// Shortcut syntax:
database.get('comments').query(
Q.on('posts', 'author_id', john.id),
)
// Full syntax:
database.get('comments').query(
Q.on('posts', Q.where('author_id', Q.eq(john.id))),
)
Normally you set conditions on the table you're querying. Here we're querying comments, but we have a condition on the post the comment belongs to.
The first argument for Q.on
is the table name you're making a condition on. The other two arguments are same as for Q.where
.
Note: The two tables must be associated before you can use Q.on
.
Multiple conditions on a related table
For example: query all comments under posts that are written by John and are either published or belong to draftBlog
database.get('comments').query(
Q.on('posts', [
Q.where('author_id', john.id)
Q.or(
Q.where('published', true),
Q.where('blog_id', draftBlog.id),
)
]),
)
Instead of an array of conditions, you can also pass Q.and
, Q.or
, Q.where
, or Q.on
as the second argument to Q.on
.
Nesting Q.on
within AND/OR
If you want to place Q.on
nested within Q.and
and Q.or
, you must explicitly define all tables you're joining on. (NOTE: The Q.experimentalJoinTables
API is subject to change)
tasksCollection.query(
Q.experimentalJoinTables(['projects']),
Q.or(
Q.where('is_followed', true),
Q.on('projects', 'is_followed', true),
),
)
Deep Q.on
s
You can also nest Q.on
within Q.on
, e.g. to make a condition on a grandparent. You must explicitly define the tables you're joining on. (NOTE: The Q.experimentalNestedJoin
API is subject to change). Multiple levels of nesting are allowed.
// this queries tasks that are inside projects that are inside teams where team.foo == 'bar'
tasksCollection.query(
Q.experimentalNestedJoin('projects', 'teams'),
Q.on('projects', Q.on('teams', 'foo', 'bar')),
)
Advanced Queries
Advanced observing
Call query.observeWithColumns(['foo', 'bar'])
to create an Observable that emits a value not only when the list of matching records changes (new records/deleted records), but also when any of the matched records changes its foo
or bar
column. Use this for observing sorted lists
Count throttling
By default, calling query.observeCount()
returns an Observable that is throttled to emit at most once every 250ms. You can disable throttling using query.observeCount(false)
.
Column comparisons
This queries comments that have more likes than dislikes. Note that we're comparing likes
column to another column instead of a value.
database.get('comments').query(
Q.where('likes', Q.gt(Q.column('dislikes')))
)
sortBy, take, skip
You can use these clauses to sort the query by one or more columns. Note that only simple ascending/descending criteria for columns are supported.
database.get('comments').query(
// sorts by number of likes from the most likes to the fewest
Q.sortBy('likes', Q.desc),
// if two comments have the same number of likes, the one with fewest dislikes will be at the top
Q.sortBy('dislikes', Q.asc),
// limit number of comments to 100, skipping the first 50
Q.skip(50),
Q.take(100),
)
It isn't necessarily better or more efficient to sort on query level instead of in JavaScript, however the most important use case for Q.sortBy
is when used alongside Q.skip
and Q.take
to implement paging - to limit the number of records loaded from database to memory on very long lists
Fetch IDs
If you only need IDs of records matching a query, you can optimize the query by calling await query.fetchIds()
instead of await query.fetch()
Security
Remember that Queries are a sensitive subject, security-wise. Never trust user input and pass it directly into queries. In particular:
- Never pass into queries values you don't know for sure are the right type (e.g. value passed to
Q.eq()
should be a string, number, boolean, or null -- but not an Object. If the value comes from JSON, you must validate it before passing it!) - Never pass column names (without whitelisting) from user input
- Values passed to
oneOf
,notIn
should be arrays of simple types - be careful they don't contain objects - Do not use
Q.like
/Q.notLike
withoutQ.sanitizeLikeString
- Do not use
unsafe raw queries
without knowing what you're doing and sanitizing all user input
Unsafe SQL queries
const records = await database.get('comments').query(
Q.unsafeSqlQuery(`select * from comments where foo is not ? and _status is not 'deleted'`, ['bar'])
).fetch()
const recordCount = await database.get('comments').query(
Q.unsafeSqlQuery(`select count(*) as count from comments where foo is not ? and _status is not 'deleted'`, ['bar'])
).fetchCount()
You can also observe unsafe raw SQL queries, however, if it contains JOIN
statements, you must explicitly specify all other tables using Q.experimentalJoinTables
and/or Q.experimentalNestedJoin
, like so:
const records = await database.get('comments').query(
Q.experimentalJoinTables(['posts']),
Q.experimentalNestedJoin('posts', 'blogs'),
Q.unsafeSqlQuery(
'select comments.* from comments ' +
'left join posts on comments.post_id is posts.id ' +
'left join blogs on posts.blog_id is blogs.id' +
'where ...',
),
).observe()
⚠️ Please note:
- Do not use this if you don't know what you're doing
- Do not pass user input directly to avoid SQL Injection - use
?
placeholders and pass array of placeholder values - You must filter out deleted record using
where _status is not 'deleted'
clause - If you're going to fetch count of the query, use
count(*) as count
as the select result
Unsafe fetch raw
In addition to .fetch()
and .fetchIds()
, there is also .unsafeFetchRaw()
. Instead of returning an array of Model
class instances, it returns an array of raw objects.
You can use it as an unsafe optimization, or alongside Q.unsafeSqlQuery
/Q.unsafeLokiTransform
to create an advanced query that either skips fetching unnecessary columns or includes extra computed columns. For example:
const rawData = await database.get('posts').query(
Q.unsafeSqlQuery(
'select posts.text1, count(tag_assignments.id) as tag_count, sum(tag_assignments.rank) as tag_rank from posts' +
' left join tag_assignments on posts.id = tag_assignments.post_id' +
' group by posts.id' +
' order by posts.position desc',
)
).unsafeFetchRaw()
⚠️ You MUST NOT mutate returned objects. Doing so will corrupt the database.
Unsafe SQL/Loki expressions
You can also include smaller bits of SQL and Loki expressions so that you can still use as much of Watermelon query builder as possible:
// SQL example:
postsCollection.query(
Q.where('is_published', true),
Q.unsafeSqlExpr('tasks.num1 not between 1 and 5'),
)
// LokiJS example:
postsCollection.query(
Q.where('is_published', true),
Q.unsafeLokiExpr({ text1: { $contains: 'hey' } })
)
For SQL, be sure to prefix column names with table name when joining with other tables.
⚠️ Please do not use this if you don't know what you're doing. Do not pass user input directly to avoid SQL injection.
Multi-table column comparisons and Q.unsafeLokiTransform
Example: we want to query comments posted more than 14 days after the post it belongs to was published.
There's sadly no built-in syntax for this, but can be worked around using unsafe expressions like so:
// SQL example:
commentsCollection.query(
Q.on('posts', 'published_at', Q.notEq(null)),
Q.unsafeSqlExpr(`comments.createad_at > posts.published_at + ${14 * 24 * 3600 * 1000}`)
)
// LokiJS example:
commentsCollection.query(
Q.on('posts', 'published_at', Q.notEq(null)),
Q.unsafeLokiTransform((rawRecords, loki) => {
return rawRecords.filter(rawRecord => {
const post = loki.getCollection('posts').by('id', rawRecord.post_id)
return post && rawRecord.created_at > post.published_at + 14 * 24 * 3600 * 1000
})
}),
)
For LokiJS, remember that rawRecord
is an unsanitized, unsafe object and must not be mutated. Q.unsafeLokiTransform
only works when using LokiJSAdapter
with useWebWorkers: false
. There can only be one Q.unsafeLokiTransform
clause per query.
null
behavior
There are some gotchas you should be aware of. The Q.gt
, gte
, lt
, lte
, oneOf
, notIn
, like
operators match the semantics of SQLite in terms of how they treat null
. Those are different from JavaScript.
Rule of thumb: No null comparisons are allowed.
For example, if you query comments
for Q.where('likes', Q.lt(10))
, a comment with 8 likes and 0 likes will be included, but a comment with null
likes will not! In Watermelon queries, null
is not less than any number. That's why you should avoid making table columns optional unless you actually need it.
Similarly, if you query with a column comparison, like Q.where('likes', Q.gt(Q.column('dislikes')))
, only comments where both likes
and dislikes
are not null will be compared. A comment with 5 likes and null
dislikes will NOT be included. 5 is not greater than null
here.
Q.oneOf
operator: It is not allowed to pass null
as an argument to Q.oneOf
. Instead of Q.oneOf([null, 'published', 'draft'])
you need to explicitly allow null
as a value like so:
postsCollection.query(
Q.or(
Q.where('status', Q.oneOf(['published', 'draft'])),
Q.where('status', null)
)
)
Q.notIn
operator: If you query, say, posts with Q.where('status', Q.notIn(['published', 'draft']))
, it will match posts with a status different than published
or draft
, however, it will NOT match posts with status == null
. If you want to include such posts, query for that explicitly like with the example above.
Q.weakGt
operator: This is weakly typed version of Q.gt
— one that allows null comparisons. So if you query comments
with Q.where('likes', Q.weakGt(Q.column('dislikes')))
, it WILL match comments with 5 likes and null
dislikes. (For weakGt
, unlike standard operators, any number is greater than null
).
Contributing improvements to Watermelon query language
Here are files that are relevant. This list may look daunting, but adding new matchers is actually quite simple and multiple first-time contributors made these improvements (including like, sort, take, skip). The implementation is just split into multiple files (and their test files), but when you look at them, it'll be easy to add matchers by analogy.
We recommend starting from writing tests first to check expected behavior, then implement the actual behavior.
src/QueryDescription/test.js
- Test clause builder (Q.myThing
) output and test that it rejects bad/unsafe parameterssrc/QueryDescription/index.js
- Add clause builder and type definitionsrc/__tests__/databaseTests.js
- Add test ("join" if it requires conditions on related tables; "match" otherwise) that checks that the new clause matches expected records. From this, tests running against SQLite, LokiJS, and Matcher are generated. (If one of those is not supported, addskip{Loki,Sql,Count,Matcher}: true
to your test)src/adapters/sqlite/encodeQuery/test.js
- Test that your query generates SQL you expect. (If your clause is Loki-only, test that error is thrown)src/adapters/sqlite/encodeQuery/index.js
- Generate SQLsrc/adapters/lokijs/worker/encodeQuery/test.js
- Test that your query generates the Loki query you expect (If your clause is SQLite-only, test that an error is thrown)src/adapters/lokijs/worker/encodeQuery/index.js
- Generate Loki querysrc/adapters/lokijs/worker/{performJoins/*.js,executeQuery.js}
- May be relevant for some Loki queries, but most likely you don't need to look here.src/observation/encodeMatcher/
- If your query can be checked against a record in JavaScript (e.g. you're adding new "by regex" matcher), implement this behavior here (index.js
,operators.js
). This is used for efficient "simple observation". You don't need to write tests -databaseTests
are used automatically. If you can't or won't implement encodeMatcher for your query, add a check tocanEncode.js
so that it returnsfalse
for your query (Less efficient "reloading observation" will be used then). Add your query totest.js
's "unencodable queries" then.
Next steps
➡️ Now that you've mastered Queries, make more Relations