CODEWITHSUNDEEP
javascriptmysqlnode.jsquotesdouble-quotes
Mich
Mich

Reputation: 322

NodeJS / MySQL quotes in query data url

Heey all, I have a quick question concerning simple/double quotes in javascript, using NodeJS and MySQL database.. here's my code

app.get('/AddCollection', function (req, res) {
  var queryData = url.parse(req.url , true).query;
    connection.query("INSERT IGNORE INTO collections VALUES ('" +queryData.nom+ "' ,'"  +queryData.categorie+ "','" +queryData.description+ "','" + queryData.urlimage+"')", function (err, result) {
            if (err) throw err;
            res.json("Vous avez ajouté "+queryData.categorie+"et"+queryData.description+"et"+queryData.objet+"a la table");
        }
    );
});
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/15.1.0/react.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/15.1.0/react-dom.min.js"></script>

delete query :

app.get('/DeleteCollection', function (req, res) {
  var queryData = url.parse(req.url , true).query;
    connection.query("DELETE FROM `collections` WHERE `collections`.`nom` ='"+queryData.nom+"'", function (err, result) {
            if (err) throw err;
            res.json("Vous avez ajouté supprimé la collection"+ queryData.nom);
        }
    );
});

Thing is that I already used simple and double quotes for the call. So for example, if queryData.nom or queryData.categorie is equal to the heroes' places then the code won't work as it will confuse the simple quotes.. How do I fix that?

Upvotes: 0

Views: 2718

Answers (1)

Ronin
Ronin

Reputation: 26

Parameterize your query

connection.query("INSERT IGNORE INTO collections VALUES (?, ?, ?, ?)", [queryData.nom, queryData.categorie, queryData.description, queryData.urlimage], function (err, result) {
        if (err) throw err;
        res.json("Vous avez ajouté "+queryData.categorie+"et"+queryData.description+"et"+queryData.objet+"a la table");
    }
);

Upvotes: 1

Related Questions