docs: add example how to use insecureRawSQL

Author: ivictbor

adminforth/documentation/docs/tutorial/03-Customization/03-virtualColumns.md

@@ -140,6 +140,42 @@ columns: [
 ```
 This way, when admin selects, for example, "Luxury" option for "Apartment Type" filter, it will be replace with a more complex "or" filter.
 
+### Custom SQL queries with `insecureRawSQL`
+
+Rarely the sec of Filters supported by AdminForth is not enough for your needs.
+In this case you can use `insecureRawSQL` to write your own part of where clause.
+
+However the vital concern that the SQL passed to DB as is, so if you substitute any user inputs it will not be escaped and can lead to SQL injection. To miticate the issue we recommend using `sqlstring` package which will escape the inputs for you.
+
+```bash
+npm i sqlstring
+```
+
+Then you can use it like this:
+
+```ts title='./resources/apartments.ts'
+import sqlstring from 'sqlstring';
+...
+
+  beforeDatasourceRequest: async ({ query }: { query: any }) => {
+    query.filters = query.filters.map((filter: any) => {
+      // replace apartment_type filter with complex one
+      if (filter.field === 'some_json_b_field') {
+        return {
+          // check if some_json_b_field->'$.some_field' is equal to filter.value
+          insecureRawSQL: `some_json_b_field->'$.some_field' = ${sqlstring.escape(filter.value)}`,
+        }
+      }
+
+      return filter;
+    });
+    return { ok: true, error: "" };
+  }
+```
+
+This example will allow to search for some nested field in JSONB column, however you can use any SQL query here.
+
+
 
 ## Virtual columns for editing.