如何使用 JS 从键值数组为 sqlite UPDATE 构建准备好的语句?
[英]How can I use JS to build a prepared statement for a sqlite UPDATE from an array of key values?
问题描述
I want to build a function that builds a prepared statement for a SQlite UPDATE query.
我想构建一个 function,它为 SQlite UPDATE 查询构建一个准备好的语句。 My current approach is to simply build a string and send this sql to the database.我目前的做法是简单地构建一个字符串并将这个 sql 发送到数据库。 But you can only do that if you don't care about security at all;-)但是,只有在您根本不关心安全性的情况下,您才能这样做;-)
My current function:我现在的function:
const newBrandData = {name: "def"};
const brand = {id: 1, name: "abc", prop1: ""};
update(brand, newBrandData) {
const keyValues = [];
Object.keys(newBrandData).forEach(e => {
keyValues.push(`${e} = "${newBrandData[e]}"`)
});
const sql = `UPDATE ${this.table} SET ${keyValues.toString()} WHERE id = ?`;
const params = [brand.id];
return this.run(sql, params);
}
2 个解决方案
解决方案1
1 已采纳 2022-10-10 15:18:42
Not sure if I understood your question, but you can avoid concatenating key values by using placeholders everywhere:不确定我是否理解你的问题,但你可以通过在各处使用占位符来避免连接键值:
const keyValues = [];
const params = [];
Object.keys(newBrandData).forEach(e => {
keyValues.push(`${e} = ?`);
params.push(newBrandData[e]);
});
const sql = `UPDATE ${this.table} SET ${keyValues.toString()} WHERE id = ?`;
params.push(brand.id);
解决方案2
1 2022-10-10 15:28:42
You are definitely on the right track.你绝对是在正确的轨道上。 You only have to change two things:你只需要改变两件事:
replace
keyValues.push(${e} = "${newBrandData[e]}")withkeyValues.push(${e} =?)`.将keyValues.push(${e} = "${newBrandData[e]}")替换为keyValues.push(${e} =?)`。replace
const params = [brand.id];替换const params = [brand.id];withconst params = [...Object.values(newBrandData), brand.id];with const params = [...Object.values(newBrandData), brand.id];
update(brand, newBrandData) {
const keyValues = [];
Object.keys(newBrandData).forEach(e => {
keyValues.push(`${e} = ?`)
});
const sql = `UPDATE ${this.table} SET ${keyValues.toString()} WHERE id = ?`;
const params = [...Object.values(newBrandData), brand.id];
return this.run(sql, params)
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.