[英]How can I use a variable as column name in mysql / express?
Currently I have this issue, the problem is that the table name gets a set of quotation marks (ad it's a string) and this makes the server crash.目前我有这个问题,问题是表名有一组引号(它是一个字符串),这会使服务器崩溃。
const update = 'the name of my column';
const UpdateQuery = `UPDATE scores
SET ${mysql.escape(update)} = ${mysql.escape(newValue)}
WHERE score_id = ${mysql.escape(singleScore.score_id)}`;
mysql.escape()
works fine for everything except for the column name. mysql.escape()
适用于除列名以外的所有内容。
This is what I get if I console.log the query after injecting the variables:如果我在注入变量后对查询进行 console.log,这就是我得到的结果:
UPDATE scores
SET 'the name of my column' = 1
WHERE score_id = 1
It looks like you are using the mysql NPM package .看起来您正在使用mysql NPM 包。
The escape
method is used for escaping query values. escape
方法用于转义查询值。 To escape query identifiers (like column names) you should use the escapeId
method instead.要转义查询标识符(如列名),您应该改用escapeId
方法。 Your code should look like this:您的代码应如下所示:
const update = 'the name of my column';
const UpdateQuery = `UPDATE scores
SET ${mysql.escapeId(update)} = ${mysql.escape(newValue)}
WHERE score_id = ${mysql.escape(singleScore.score_id)}`;
Similarly, if you are using replacements, use a double question mark instead of a single to escape identifiers.同样,如果您使用替换,请使用双问号而不是单问号来转义标识符。
const update = 'the name of my column';
const UpdateQuery = `UPDATE scores
SET ?? = ?
WHERE score_id = ?`;
const replacements = [update, newValue, singleScore.score_id];
Tamilvanan solution with a tiny change fixes the issue只需稍加改动的泰米尔瓦南解决方案即可解决此问题
db.query(
'UPDATE scores SET '+update+' = ? Where score_id = ?',
[newValue, singleScore.score_id],
(err, result) => {
if (err) throw err;
console.log(`Changed ${result.changedRows} row(s)`);
}
);
For weird MySQL column names, you can't put single quotes around them.对于奇怪的 MySQL 列名,您不能在它们周围加上单引号。 Single quotes just turn the value into a string.单引号只是将值转换为字符串。
The backtick is used for this in MySQL.反引号在 MySQL 中用于此目的。 For example例如
UPDATE `table with space` SET `column with space` = 'bar';
Check the below code.检查下面的代码。 It might work,它可能有效,
con.query(
'UPDATE scores SET '+update+' = ? Where score_id = ?',
// Old - [${mysql.escape(newValue)}, ${mysql.escape(singleScore.score_id)}],
/* Update - */ [newValue,singleScore.score_id],
(err, result) => {
if (err) throw err;
console.log(`Changed ${result.changedRows} row(s)`);
}
);
As per your query, ${mysql.escape(update)}
includes the single quote from the value.根据您的查询, ${mysql.escape(update)}
包含值的单引号。
So, I had this problem myself yesterday.所以,昨天我自己也遇到了这个问题。 I found the solution by accidentally searching for variable table names.我通过不小心搜索变量表名找到了解决方案。
The solution is to query like this:解决方案是这样查询:
const columnName = 'the name of my column';
query("UPDATE `scores` SET ?? = ? WHERE `score_id` = ?;", [columnName, singleScore.score_id, newValue]);
Let me know if this works for you让我知道这是否适合你
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.