[英]Mysql query quote syntax error NodeJS
I have a value: something's
. 我有一个值
something's
。 Value also can be a's'a
etc. Sometimes value is something | a
价值也可以是
a's'a
等something | a
something | a
and so on. something | a
,依此类推。 It works fine. 工作正常。 Trying to insert it in mysql:
尝试将其插入mysql中:
mysqlConnection.query('INSERT INTO `something` (`users`,`other`) VALUES (\'' + value + '\',\'' + other + '\')'
It returns syntax error. 它返回语法错误。 How can I insert that value with
'
symbol in mysql.query? 如何在mysql.query中插入带有
'
符号的值?
Concatenating query with values is really bad idea, basically you need just to escape your values properly, but for better security you should look for example on this node-mysql lib with prepared statements, and read something about SQL Injections. 将查询与值连接起来确实不是一个好主意,基本上,您只需要适当地转义您的值即可,但是为了获得更好的安全性,您应该例如在具有准备好的语句的该node-mysql lib上查找,并阅读有关SQL Injections的内容。
Also related: Preventing SQL injection in Node.js 也相关: 在Node.js中防止SQL注入
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.