Syntax error when doing POSTGRES LIKE through Knex.js
This is giving me a syntax error:

    if (searchCode) {
        customerProducts = await customerProducts.andWhere(
          db.sequelize.knex.raw('customer.code LIKE '
           + `%${searchCode}%`)
        );
      }
    }

The error looks like this:
{"message":"UnknownErrorMiddleware error: select \"CustomerProduct\".\"id\" as \"_id\", \"CustomerProduct\".\"last_delivered\" as \"_lastDelivered\", \"CustomerProduct\".\"margin\" as \"_margin\", \"CustomerProduct\".\"outlier\" as \"_outlier\", \"CustomerProduct\".\"growth\" as \"_growth\", \"CustomerProduct\".\"period\" as \"_period\", \"CustomerProduct\".\"price\" as \"_price\", \"CustomerProduct\".\"active\" as \"_active\", \"CustomerProduct\".\"customer_id\" as \"_customerId\", \"CustomerProduct\".\"product_id\" as \"_productId\", \"CustomerProduct\".\"modified\" as \"_modified\", \"CustomerProduct\".\"month_value\" as \"_monthValue\", \"customer\".\"id\" as \"_customer_id\", \"customer\".\"title\" as \"_customer_title\", \"customer\".\"code\" as \"_customer_code\" from \"customer_products\" as \"CustomerProduct\" inner join \"customers\" as \"customer\" on \"CustomerProduct\".\"customer_id\" = \"customer\".\"id\" where \"product_id\" = $1 and customer.code LIKE %ZOO1% - syntax error at or near \"%\"","level":"info"}
I think the problem is that there is no '' around %ZOO1% but I don't know how I add this. How is it done and if this is not the problem, what is?
You can add them like this '%${searchCode}%'. But the searchCode variable will be prone to SQL injections.
Though, you should use the raw parameter binding feature

    db.sequelize.knex.raw('customer.code LIKE ?', [`%${searchCode}%`])

https://knexjs.org/#Raw-Bindings
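The three forms discussed above, side by side, as an added example that is not part of the original question or answer. It goes one step beyond the answer by also escaping the LIKE wildcards in the search term; the helper names and the '!' escape character are assumptions of this example.

```javascript
// Added example: builds the SQL fragment and bindings that would be passed
// to knex.raw(sql, bindings). Helper names and '!' are assumptions.

const LIKE_ESCAPE = '!';

// Prefix LIKE metacharacters (and the escape character itself) so the
// search term is matched literally instead of acting as a pattern.
function escapeLike(term) {
  return String(term).replace(/[!%_]/g, (ch) => LIKE_ESCAPE + ch);
}

// Bound form: the value travels as a parameter, never as SQL text.
function containsFilter(column, term) {
  // The column name is interpolated, so it must come from code, not from
  // the request: a `?` binding protects values, not identifiers.
  if (!/^[a-z_][a-z0-9_]*(\.[a-z_][a-z0-9_]*)?$/i.test(column)) {
    throw new Error(`unexpected column name: ${column}`);
  }
  return {
    sql: `${column} LIKE ? ESCAPE '${LIKE_ESCAPE}'`,
    bindings: [`%${escapeLike(term)}%`],
  };
}

// The two string-built forms from the thread, kept only for comparison.
function unquotedConcat(term) {
  return 'customer.code LIKE ' + `%${term}%`; // the question: syntax error
}
function quotedConcat(term) {
  return `customer.code LIKE '%${term}%'`; // quoted, but input becomes SQL
}

// Constructed sample inputs: a plain code, a value containing a quote,
// and a value containing LIKE wildcards.
for (const term of ['ZOO1', "O'Brien", '50%_off']) {
  const { sql, bindings } = containsFilter('customer.code', term);
  console.log({
    term,
    unquoted: unquotedConcat(term),
    quoted: quotedConcat(term),
    sql,
    bindings,
  });
}

// With the question's objects this would be used as:
//   const f = containsFilter('customer.code', searchCode);
//   customerProducts.andWhere(db.sequelize.knex.raw(f.sql, f.bindings));
```

The value containing a quote ends the string literal early in the quoted form, while in the bound form it stays inside the bindings array and the SQL text never changes.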