Reputation:
How to convert to string to insert in sql
I have this string:
x = "<?xml version="1.0" encoding="UTF-8"?>"
But when I insert it gives problems with the quotes. How can I change the quotes to take the entire string?
I get the string from a query, I don't create it
Upvotes: 1
Views: 451
Answers (4)
Reputation: 656
Escape your doublequote for mysql.
x = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
Look at this answer. It may be helpful. Click here
You can also escape double quote using regex. Look
Hope this helps you
Upvotes: 3
Reputation: 4059
You always want to use a parameterized query when creating SQL commands. How you do that varies based upon which database server you are using and what language and components you use to connect to it.
Injection attacks are the number 1 (according to the OWASP Top 10) vulnerability in web sites today.
Upvotes: 0
Reputation: 77
If you're using ES6, you can use template literals.
I also recommend using more descriptive variable names:
const xmlVersion = `<?xml version="1.0" encoding="UTF-8"?>`
Upvotes: 0
Reputation: 106
x = "<?xml version='1.0' encoding='UTF-8'?>"
or
x = ""
x = "<?xml version='1.0' encoding='UTF-8'?>"
//or
x = `<?xml version='1.0' encoding='UTF-8'?>`Upvotes: 0
Related Questions
- Making a javascript string sql friendly
- How to properaly escape using mysql / sqlstring in Node.js in bulk INSERT?
- Nodejs Mysql Insert is adding backslashes to strings and fails
- mysql escaping string node js`
- string concatenation issue during insert statement
- escape a string in node js to insert it in a sqlite3 database
- Remove Backtick From String
- Double and Single quotes on Insert SQL
- Javascript string syntax to write SQL
- Escaping Mysql special character string with javascript