tier1
Reputation: 6433
node-mysql multiple escaped parameters
As the documentation states, I can use the '?' symbol to automatically replace and escape a parameter. The following works as expected:
dbconn.query('SELECT * FROM users WHERE iduser = ?', 11, function(err, results) {
if (err) throw err;
results[0].Password = '';
console.log(results);
res.send(results);
});
But how can I add more parameters? The following does not work:
dbconn.query('SELECT * FROM users WHERE iduser = ? || iduser = ?', 11, 12, function(err, results) {
if (err) throw err;
results[0].Password = '';
console.log(results);
res.send(results);
});
Is this possible and can somebody show me the correct syntax to do so? Thanks
Upvotes: 0
Views: 5552
Answers (1)
Chris
Reputation: 1611
The correct way is to pass an array:
db.query("SELECT * FROM table WHERE id=? OR id=?", [3, 4], function(err, results) {...
The data in the array is automatically escaped for you. It's all in the docs
https://github.com/felixge/node-mysql
Upvotes: 7
Related Questions
- How to escape a whole sql string instead of escaping each argument?
- How to properaly escape using mysql / sqlstring in Node.js in bulk INSERT?
- Nodejs Mysql: Query-Escaping adds single quotes
- Mysql query doesn't work anymore when escaping values
- mysql escaping string node js`
- Best way to escape array of data on MysQl nodeJS query
- Node Mysql Escaping - Mysql.Escape() / Mysql.EscapeId()
- Escaping values in Mysqljs
- Using node-mysql, how can I NOT escape mysql functions?
- node-mysql escaping query values - array with unknown length