I have a large SQL query that I'd like to move into a .sql file and then import and execute using knex.raw().

So I have something like:

knex().raw(` SELECT * FROM user_profiles WHERE user_id = '${userId}'; `);

I've tried moving the query into a file and reading it using

let sql = fs.readFileSync('./queries/user-profile.sql').toString();

But of course the template literal variable ${userId} isn't evaluated.

I thought about regex and just replacing it manually, but I was hoping there would be a better way. Preferably a solution that handles the SQL injection vulnerability created by doing this.

Thanks <3