MySQL查询报价语法错误NodeJS
[英]Mysql query quote syntax error NodeJS
问题描述
I have a value: something's . 
我有一个值something's 。 Value also can be a's'a etc. Sometimes value is something | a 价值也可以是a's'a等something | a something | a and so on. something | a ,依此类推。 It works fine. 工作正常。 Trying to insert it in mysql: 尝试将其插入mysql中:
mysqlConnection.query('INSERT INTO `something` (`users`,`other`) VALUES (\'' + value + '\',\'' + other + '\')'
It returns syntax error. 它返回语法错误。 How can I insert that value with ' symbol in mysql.query? 如何在mysql.query中插入带有'符号的值?
1 个解决方案
解决方案1
1 已采纳 2015-09-27 19:04:55
Concatenating query with values is really bad idea, basically you need just to escape your values properly, but for better security you should look for example on this node-mysql lib with prepared statements, and read something about SQL Injections. 将查询与值连接起来确实不是一个好主意,基本上,您只需要适当地转义您的值即可,但是为了获得更好的安全性,您应该例如在具有准备好的语句的该node-mysql lib上查找,并阅读有关SQL Injections的内容。
Also related: Preventing SQL injection in Node.js 也相关: 在Node.js中防止SQL注入
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.