Thursday, June 27, 2019

javascript - Mysql query quote syntax error NodeJS

Answer


Answer




I have a value: something's. Value also can be a's'a etc. Sometimes value is something | a and so on. It works fine. Trying to insert it in mysql:




mysqlConnection.query('INSERT INTO `something` (`users`,`other`) VALUES (\'' + value + '\',\'' + other + '\')'


It returns syntax error. How can I insert that value with ' symbol in mysql.query?


Answer



Concatenating query with values is really bad idea, basically you need just to escape your values properly, but for better security you should look for example on this node-mysql
 lib with prepared statements, and read something about SQL Injections.



Also related: Preventing SQL injection in Node.js



-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...