Update 050-raw-queries.mdx (#5685)
Co-authored-by: Jon Harrell <[email protected]>
nikelborm and jharrell authored Mar 10, 2024
1 parent 7c28a24 commit 54be5b2
Showing 1 changed file with 2 additions and 4 deletions.
Expand Up @@ -28,6 +28,8 @@ For relational databases, Prisma Client exposes four methods that allow you to s
- `$queryRawUnsafe` to return actual records (for example, using `SELECT`) using a raw string. **Potential SQL injection risk**
- `$executeRawUnsafe` to return a count of affected rows (for example, after an `UPDATE` or `DELETE`) using a raw string. **Potential SQL injection risk**

> **Note**: All methods in the above list can only run **one** query at a time. You cannot append a second query - for example, calling any of them with `select 1; select 2;` will not work.
### <inlinecode>$queryRaw</inlinecode>

`$queryRaw` returns actual database records. For example, the following `SELECT` query returns all fields for each record in the `User` table:
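Review bot: the new `> **Note**` blockquote has a blank line above it but none between it and the `### $queryRaw` heading; add a blank line after the note so the blockquote closes the same way the rest of the page does. Separately, "will not work" is vague for a reference page: state what the caller actually observes when a second statement is appended (whether the call is rejected with an error or the extra statement is ignored), so readers do not have to guess which of the two it is. It is good that the note sits under the list covering all four methods, since the `Unsafe` variants keep their **Potential SQL injection risk** flag in the same list and a reader should not take the single-statement limit as removing that risk.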
Expand Down Expand Up @@ -323,8 +325,6 @@ $executeRaw<T = unknown>(query: TemplateStringsArray | Prisma.Sql, ...values: an
The `$executeRawUnsafe` method allows you to pass a raw string (or template string) to the database. Like `$executeRaw`, it does **not** return database records, but returns the number of rows affected.
> **Note**: `$executeRawUnsafe` can only run **one** query at a time. You cannot append a second query - for example, adding `DROP bobby_tables` to the end of an `ALTER`.
<Admonition type="warning">
If you use this method with user inputs (in other words, `SELECT * FROM table WHERE columnx = ${userInput}`), then you open up the possibility for SQL injection attacks. SQL injection attacks can expose your data to modification or deletion.<br /><br />
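Review bot: with the `> **Note**: $executeRawUnsafe can only run **one** query at a time` line removed, the `$executeRawUnsafe` section no longer mentions the single-statement behaviour locally, and this section is the target of the `#executerawunsafe` anchor used elsewhere on the page. A reader who lands here directly will only see the SQL injection admonition and not the statement limit. Consider keeping a short pointer in this section to the consolidated note under the method list so the information is still reachable from the anchor.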
Expand Down Expand Up @@ -561,8 +561,6 @@ Prisma Client mitigates the risk of SQL injection in the following ways:
$executeRaw`...` // Tagged template
```
- `$executeRaw` can only run **one** query at a time. You cannot append a second query - for example, adding `DROP bobby_tables` to the end of an `ALTER`.
If you cannot use tagged templates, you can instead use [`$queryRawUnsafe`](/orm/prisma-client/queries/raw-database-access/raw-queries#queryrawunsafe) or [`$executeRawUnsafe`](/orm/prisma-client/queries/raw-database-access/raw-queries#executerawunsafe) but **be aware that your code may be vulnerable to SQL injection**.
#### ⚠️ String concatenation
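Review bot: removing the bullet "`$executeRaw` can only run **one** query at a time … adding `DROP bobby_tables` to the end of an `ALTER`" from the list introduced by "Prisma Client mitigates the risk of SQL injection in the following ways" drops a security-relevant mitigation from the one place readers look for mitigations; the replacement note earlier in the file sits under the method list, not in this section. Either keep a one-line bullet here that states the single-statement limit and links to that note, or say explicitly in the intro to this list that the limit applies to all four methods. Also note that the line `If you cannot use tagged templates, you can instead use …` now follows the bullet list with no blank line between them, so the paragraph may render as part of the last bullet.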
