MYSQL Node.js parse error and throw err error

Question

throw err; // Rethrow non-MySQL errors ^

Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''a', 'b', 'c'' at line 1

(I had entered a as the name,b as the username and c as the password in the form)

I can't figure out where the problem is.

db.js:

function createUser(name, username, password){
    var sql = "INSERT INTO users (name,username,password) VALUES ?";
    var values = [name, username, password];
    con.query(sql, [values], function (err, result) {
      if (err) throw err;
      console.log('inserted');
    });
  }

  module.exports = {createUser};

relevant part of server.js:

app.post('/create', function(req,res) {
  db.createUser(req.body.name,req.body.username,req.body.password);
  res.status(200).send();
});

Answer 1

You have to add for every variable a placeholder

function createUser(name, username, password){
    var sql = "INSERT INTO users (name,username,password) VALUES (?,?,?);";
    var values = [name, username, password];
    con.query(sql, values, function (err, result) {
      if (err) throw err;
      console.log('inserted');
    });
  }

  module.exports = {createUser};

Answer 2

I think you just need additional square brackets around the values:

var sql = "INSERT INTO users (name,username,password) VALUES ?";
var values = [[name, username, password]];
con.query(sql, [values], function (err, result) { ... });

This mechanism is mostly meant to insert multiple rows. You could also separate the parameters:

var sql = "INSERT INTO users (name,username,password) VALUES (?, ?, ?)";
var values = [name, username, password];
con.query(sql, values, function (err, result) { ... });