Thursday, 27 June 2019
javascript - Mysql query quote syntax error NodeJS
Answer
Answer
I have a value: something's. Value also can be a's'a etc. Sometimes value is something | a and so on. It works fine. Trying to insert it in mysql:
mysqlConnection.query('INSERT INTO `something` (`users`,`other`) VALUES (\'' + value + '\',\'' + other + '\')'
It returns syntax error. How can I insert that value with ' symbol in mysql.query?
Answer
Concatenating query with values is really bad idea, basically you need just to escape your values properly, but for better security you should look for example on this node-mysql
lib with prepared statements, and read something about SQL Injections.
Also related: Preventing SQL injection in Node.js
Subscribe to:
Post Comments (Atom)
php - file_get_contents shows unexpected output while reading a file
I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print ...
No comments:
Post a Comment