無法使用Node.js中的多個用戶定義變量運行MYSQL查詢

Question

Node.js代碼：

var express    = require("express");
var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'root',
  password : 'password',
  database : 'myDatabase'
});
var app = express();

connection.connect(function(err){
if(!err) {
    console.log("Database is connected ... \n\n");
} else {
    console.log("Error connecting database ... \n\n");
}
});

app.get("/",function(req,res){
var tmdb_id, rel_date, role, title, year, starring, actor, categories,choose,use;

choose = 3;
if (choose == 0 || choose == 1 || choose ==2 || choose==3){
use = categories[choose];
connection.query('
SET @tmdbid:= (SELECT TMDB_ID FROM `MOVIES` WHERE VOTES > 2058 ORDER BY RAND() LIMIT 0,1);
SET @genre:= (SELECT GROUP_CONCAT(GENRE_NAME) FROM `MOVIES_GENRES` WHERE TMDB_ID = @tmdbid);
SET @director:=(SELECT GROUP_CONCAT(DISTINCT NAME) FROM`DIRECTORS` WHERE DID IN (SELECT DID FROM `DIRECTS` WHERE TMDB_ID = @tmdbid));
SET @actors:=(SELECT GROUP_CONCAT(DISTINCT NAME) FROM `ACTORS` WHERE AID IN (SELECT AID FROM `ROLES` WHERE TMDB_ID = @tmdbid));
SET @roles:=(SELECT GROUP_CONCAT(DISTINCT CHAR_NAME) FROM `ROLES` WHERE TMDB_ID = @tmdbid);
SET @plot:= (SELECT OVERVIEW FROM `OVERVIEW` WHERE TMDB_ID = @tmdbid);
SELECT TITLE, RELEASE_DATE, @genre, @director, @actors, @roles, @plot
FROM `MOVIES` WHERE TMDB_ID = @tmdbid', function(err,rows,fields){
  console.log(err);
  if (!err){
    console.log(rows[0]);
  }

 else
    console.log('Error while performing Query.');
  });
}


});
app.listen(3000);

查詢：

SET @tmdbid:= (SELECT TMDB_ID FROM `MOVIES` WHERE VOTES > 2058 ORDER BY RAND() LIMIT 0,1);
SET @genre:= (SELECT GROUP_CONCAT(GENRE_NAME) FROM `MOVIES_GENRES` WHERE TMDB_ID = @tmdbid);
SET @director:=(SELECT GROUP_CONCAT(DISTINCT NAME) FROM`DIRECTORS` WHERE DID IN (SELECT DID FROM `DIRECTS` WHERE TMDB_ID = @tmdbid));
SET @actors:=(SELECT GROUP_CONCAT(DISTINCT NAME) FROM `ACTORS` WHERE AID IN (SELECT AID FROM `ROLES` WHERE TMDB_ID = @tmdbid));
SET @roles:=(SELECT GROUP_CONCAT(DISTINCT CHAR_NAME) FROM `ROLES` WHERE TMDB_ID = @tmdbid);
SET @plot:= (SELECT OVERVIEW FROM `OVERVIEW` WHERE TMDB_ID = @tmdbid);
SELECT TITLE, RELEASE_DATE, @genre, @director, @actors, @roles, @plot
FROM `MOVIES` WHERE TMDB_ID = @tmdbid

我試圖保存所有用戶定義的變量值，然后在最后顯示它。 此代碼在使用MYSQL工作台6.3CE的MYSQL 5.7中運行良好。 但是，當我使用node.js運行此代碼時，由於拋出錯誤，因此無法獲得輸出。 當我下載node_modules時，節點中SQL的版本為0.9。

錯誤：

{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT @tmdbid' at line 1]
  code: 'ER_PARSE_ERROR',
  errno: 1064,
  sqlState: '42000',
  index: 0 }

我不確定我要去哪里錯了。

Answer 1

根據node-mysql文檔 ，在一個查詢中不默認支持多個sql語句。 也許這就是為什么您遇到問題。

設置初始連接時打開對多條語句的支持：

var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'root',
  password : 'password',
  database : 'myDatabase',
  multipleStatements: true /* turn on multiple statements */
});

請注意 ，根據上述文檔，這可能會增加SQL注入攻擊的風險。

另外，您無法以query方法中的方式定義字符串。 看來您已經用回車符格式化了字符串。 令人驚訝的是，您沒有在sql錯誤之前從中得到語法錯誤。 也許您粘貼在此處的代碼不是逐字記錄的？

無論如何，為了安全起見，我會將整個查詢放在一行上。 因此，您的查詢將如下所示：

connection.query('SET @tmdbid:= (SELECT TMDB_ID FROM `MOVIES` WHERE VOTES > 2058 ORDER BY RAND() LIMIT 0,1); SET @genre:= (SELECT GROUP_CONCAT(GENRE_NAME) FROM `MOVIES_GENRES` WHERE TMDB_ID = @tmdbid); SET @director:=(SELECT GROUP_CONCAT(DISTINCT NAME) FROM `DIRECTORS` WHERE DID IN (SELECT DID FROM `DIRECTS` WHERE TMDB_ID = @tmdbid)); SET @actors:=(SELECT GROUP_CONCAT(DISTINCT NAME) FROM `ACTORS` WHERE AID IN (SELECT AID FROM `ROLES` WHERE TMDB_ID = @tmdbid)); SET @roles:=(SELECT GROUP_CONCAT(DISTINCT CHAR_NAME) FROM `ROLES` WHERE TMDB_ID = @tmdbid); SET @plot:= (SELECT OVERVIEW FROM `OVERVIEW` WHERE TMDB_ID = @tmdbid); SELECT TITLE, RELEASE_DATE, @genre, @director, @actors, @roles, @plot FROM `MOVIES` WHERE TMDB_ID = @tmdbid',

  function (err, rows, fields) {

    if (err)
      console.log(err);
    else
      console.log(rows[0]);

  });
}