Reputation: 11
I have a SQL query which is:
client.query("SELECT * FROM my_table WHERE my_varchar='userInput'")
userInput = req.body.userInput
which reads from an input box in a Jade file.
No matter what I try with different '' or "" around the variables, I either get an error from every input, or every input seems correct although that input does not exist in the table.
Any help would be appreciated!
Upvotes: 0
Views: 3220
Reputation: 15377
The normal answer is: don't do that! Inserting raw user input is a great way to get hacked. Do you actually have an input value?
Instead:
console.log("User Input is "+ userInput); // or add debug lib and debug("User Input....
client.query("SELECT * FROM my_table WHERE my_varchar = $1", [userInput]);
Also validate your query in psql from a command prompt.
Upvotes: 3
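As an added illustration of the point in the answer above (not code from the question or the answer), this compares the concatenated query with the $1 placeholder form. makeFakeClient is a hypothetical stand-in for a node-postgres Client that only records what would be sent to the server, so it runs without a database; the input "O'Brien" is constructed.

```javascript
// Hypothetical stand-in for a node-postgres Client: records the query
// text and the values array instead of sending them to a server.
function makeFakeClient() {
  const sent = [];
  return {
    sent,
    query(text, values) {
      sent.push({ text, values: values || [] });
      return Promise.resolve({ rows: [] });
    },
  };
}

// The question's approach: splice the value into the SQL text.
// (The question's literal "...my_varchar='userInput'" compares against
// the word userInput, not the variable; this version inserts the
// variable, but any single quote in the input ends the string literal
// early and the server rejects the statement.)
function buildConcatenated(userInput) {
  return "SELECT * FROM my_table WHERE my_varchar='" + userInput + "'";
}

// A single-quoted SQL literal needs an even number of quote characters
// (the two delimiters plus any doubled quotes inside). An odd count
// means the concatenated statement is malformed.
function hasUnbalancedQuotes(sql) {
  const quotes = (sql.match(/'/g) || []).length;
  return quotes % 2 === 1;
}

// The answer's approach: a $1 placeholder with the value passed
// separately. The SQL text sent to the server never contains the input,
// so quoting and escaping are the driver's job, not yours.
function findByVarchar(client, userInput) {
  return client.query(
    "SELECT * FROM my_table WHERE my_varchar = $1",
    [userInput]
  );
}

// Usage with a constructed input containing a single quote.
const client = makeFakeClient();
findByVarchar(client, "O'Brien");
console.log(hasUnbalancedQuotes(buildConcatenated("O'Brien"))); // true
console.log(client.sent[0]); // text keeps $1; values holds "O'Brien"
```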