浓缩系列 mySQL 查询
[英]Condensing series of mySQL queries
问题描述
I have a series of queries to find a question given a username.
我有一系列查询来查找给定用户名的问题。 The queries find the userID associated with a username in the user table, then the questionID attached to the userID in the user_question table, then the question attached to the questionID in the question table.查询在 user 表中找到与用户名关联的 userID,然后在 user_question 表中找到附加到 userID 的 questionID,然后在 question 表中附加到 questionID 的问题。
Because my database structure follows the 2nd normal form and stores different entities in different tables (users, questions etc), it leads to needing multiple queries across multiple tables.因为我的数据库结构遵循第二范式并将不同的实体存储在不同的表(用户、问题等)中,因此需要跨多个表进行多个查询。
Is it possible to condense the series of queries into something which 1) requires less code and 2) requires less queries?是否可以将一系列查询压缩为 1)需要更少代码和 2)需要更少查询的内容?
username = escape(req.query.username);
client.query("SELECT userID FROM user WHERE username = \"" + username + "\"", function(err, result) {
if (err !== null) {
console.log(err);
}
else {
client.query("SELECT questionID FROM user_question WHERE userID = " + result[0]["userID"], function(err, result) {
if (err !== null) {
console.log(err);
}
else {
client.query("SELECT question FROM question WHERE questionID = " + result[0]["questionID"], function(err, result) {
if (err !== null) {
console.log(err);
}
else {
//handle question
}
});
});
});
EDIT: K. Bastian below gave a correct answer.编辑:下面的 K. Bastian 给出了正确答案。 The code in use now is:现在使用的代码是:
var query =
`SELECT
q.question
FROM
question q
JOIN user_question uq ON q.questionID = uq.questionID
JOIN user u ON u.userID = uq.userID
WHERE
u.username = \"` + username + `\"`;
client.query(query, function(err, result) {
//Handle
});
EDIT: After K. Bastian also pointed out the node-mysql library's ability to escape user-input strings (instead of JS performing the function), I also implemented that, further simplifying the code.编辑:在 K. Bastian 还指出 node-mysql 库能够转义用户输入字符串(而不是 JS 执行该功能)之后,我也实现了这一点,进一步简化了代码。
var query =
`SELECT
q.answer
FROM
question q
JOIN user_question uq ON q.questionID = uq.questionID
JOIN user u ON u.userID = uq.userID
WHERE
u.username = ` + client.escape(req.query.username);
client.query(query, function(err, result) {
//Handle result...
});
1 个解决方案
解决方案1
1 已采纳 2016-05-14 10:57:13
You can put your queries into one ...您可以将您的查询整合到一个...
something like this?像这样的东西?
select
q.question
from
question q
JOIN user_question uq ON q.questionID = uq.questionID
JOIN user u ON u.userID = uq.userID
WHERE
u.username = \"" + username + "\"
Btw... this looks like a potential sql injection part... \\"" + username + "\\"顺便说一句...这看起来像是一个潜在的 sql 注入部分... \\"" + 用户名 + "\\"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.