CODEWITHSUNDEEP
mysqlnode.jsnode-mysql
sachin hunur
sachin hunur

Reputation: 281

Not able to insert data into table using Nodejs

exports.creategroup= function(callback,name,email,firstname)
 {
//  var connection=pool.getConnection();
var connection=connect();
console.log(email);
console.log(firstname);
var query="CREATE TABLE "+name+"(membername varchar(50) NOT NULL,email varchar(50) NOT NULL)";

  var query1="INSERT  INTO'"+name+"'(membername,email) VALUES('"+email+"','"+firstname+"')";
console.log(query);
connection.query(query,function(err,result){
    if(err)
        {
        console.log("ERROR:"+err.message);
        }
    else
        {
        if(result.length!==0)

        {
            console.log("DATA : "+JSON.stringify(result));
            callback(err, result);
        }
        else
        {
            callback("Invalid Username", result);
        }
        }
    //pool.returnConnection(connection);
     });

//The insert into query gives an error. I can't figure out what syntax error i have made. Could someone please help. The table is being created. The error I am facing in the insert is

ERROR:ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''sad'(membername,email) VALUES('hunur','Sachin Mallikarjun')' at line 1

here sad was passed as the argument for table name

Upvotes: 0

Views: 960

Answers (1)

baao
baao

Reputation: 73211

You've put the table Name in ' ticks, that's not valid. Below will work:

var query1="INSERT  INTO "+name+" (membername,email) VALUES('"+email+"','"+firstname+"')";

Please note that you absolutely shouldn't run a query like this as it is vulnerable to mysql injection. Use the escaped query node-mysql offers instead. 

 var query = "INSERT INTO ?? (??,??) VALUES (?,?)";
 var values = [name,'membername','email',firstname,email];
 mysql.query(mysql.format(query, values), function(err,result,tableInfo){/*...*/})

Like this, node-mysql prepares the query for you. Every ?? represents a table or column name while every ? stands for a value to be inserted. You can verify this by 

console.log(mysql.format(query,values));

Upvotes: 1

Related Questions