Peter Boomsma

Reputation: 9798

How to escape apostrophes using NodeJS

I'm trying to update a column in my PostgreSQL database using Node.js:

res.rows.forEach((tmdbID) => {
  (async () => {
    const json = await fetchMovieData(tmdbID.tmdb_id);
    const overview = json.overview.replace('\'', '\\\'');
    console.log(overview);
    pool.query(`UPDATE "Movie" SET overview = '${overview}' WHERE tmdb_id = ${json.id}`);
  })();
});
async function fetchMovieData(tmdbID) {
  const response = await fetch(`https://api.themoviedb.org/3/movie/${tmdbID}?api_key=a8f7039633f2065942cd8a28d7cadad4&language=en-US`);
  const data = response.json();
  return data;
}

The error I'm getting:

(node:1412) UnhandledPromiseRejectionWarning: error: syntax error at or near "s"

It happens on this string:

The Bride unwaveringly continues on her roaring rampage of revenge against the band of assassins who had tried to kill her and her unborn child. She visits each of her former associates one-by-one, checking off the victims on her Death List Five until there \'s nothing left to do … but kill Bill.

I'm trying to escape the ' but it doesn't seem to be working. Any tips?

Upvotes: 1

Views: 47

Answers (1)

mabahamo

Reputation: 783

Don't try to pass everything as a String; that is how SQL injection happens. A better approach is to use parameters.

I'm not exactly sure which library you are using, but the syntax should be something similar to this:

pool.query('UPDATE "Movie" SET overview = ? WHERE tmdb_id = ?', [overview, json.id]);

Upvotes: 1
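
The parameterized update the answer describes, next to the string-built one from the question, as an added example that is not part of the original question or answer. It assumes the node-postgres (`pg`) driver, whose placeholders are `$1`, `$2` rather than `?`; `stubPool`, `updateOverview`, `tokenAfterFirstLiteral` and the sample movie are constructed for illustration.

```javascript
// Added example; assumes the node-postgres ("pg") driver ($1, $2 placeholders).
// Sample overview and id are constructed; stubPool stands in for a pg Pool.

// The question's approach: the value is spliced into the SQL text.
function interpolatedUpdate(overview, id) {
  const escaped = overview.replace('\'', '\\\''); // string pattern: first match only
  return `UPDATE "Movie" SET overview = '${escaped}' WHERE tmdb_id = ${id}`;
}

// Scan the first '...' literal the way PostgreSQL does by default
// (standard_conforming_strings = on): backslash is an ordinary character,
// only a doubled '' escapes a quote. Returns the word following the literal.
function tokenAfterFirstLiteral(sql) {
  let i = sql.indexOf("'") + 1;
  while (i < sql.length) {
    if (sql[i] === "'") {
      if (sql[i + 1] !== "'") break; // closing quote
      i++;                           // skip the first half of ''
    }
    i++;
  }
  return sql.slice(i + 1).trim().split(/\s+/)[0];
}

// Parameterized form: constant SQL text, values sent separately.
function parameterizedUpdate(overview, id) {
  return {
    text: 'UPDATE "Movie" SET overview = $1 WHERE tmdb_id = $2',
    values: [overview, id],
  };
}

// Records calls instead of talking to a database (hypothetical stand-in).
const stubPool = {
  sent: [],
  query(text, values) { this.sent.push({ text, values }); return Promise.resolve(); },
};

async function updateOverview(pool, movie) {
  const { text, values } = parameterizedUpdate(movie.overview, movie.id);
  await pool.query(text, values); // awaited, so a failure reaches the caller's catch
}

const sample = { id: 1, overview: "until there's nothing left to do" };
console.log(tokenAfterFirstLiteral(interpolatedUpdate(sample.overview, sample.id)));
updateOverview(stubPool, sample).then(() => console.log(stubPool.sent[0]));
```

The backslash does not escape the quote, so the literal closes right before `s`, which is the token the error message names; with parameters the apostrophe never enters the SQL text.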
