Due to the nature of some SQL queries it will be a great addition to slick, to have composable SQL Strings, which means that you could now generate some where parts dynamically without loosing some security feature's of SQL interpolated strings.

With this feature it would now be possible to write a query like that without loosing sql injection prevention or other security features of slick:

Example:

def (username: Option[String], id: Option[Long]) = {
    val q0 = List()
    val q1 = if (username.isDefined) sql"username = $username" :: q0 else q0
    val q2 = if (id.isDefined) sql"id > $id" :: q1 else q1
   val where = sql"WHERE ${q2.mkstring(" AND ")}"
   db.run(sql"SELECT * FROM table #$where;".as[TableRow])
}

Another example would be an update or an insert which will add some rows on demand:

def (username: Option[String], id: Option[Long]) = {
val userQuery = if(username.isDefined) sql"username = $username" else sql""
val idQuery = if(id.isDefined) sql"id = $id" else sql""
db.run(sql"UPDATE table SET first_name = 'Mustermann', #$userQuery, #$idQuery")
}

This API would require significant input so I think for keeping backwards compatibility there would be need for some keywords, other than sql"". Also it should work to have a better api than just concat a List of queries with mkstring, so there would be the need for doing a .and or .or or when we look at the update part there is a comma in between.

Would be great to here some input on this. And espacially to have some input how to solve the most common problems with this feature, like dynamic SET parts of a update query or mixing dynamic with static parts and dynamic where filter.