Closed Myrmod closed 1 year ago
I would recommand to post that to stackoverflow. This is a sequelize configuration issue and i'm not a specialist of sequelize.
All i can say the that the problem here is that the query connector receive is UPDATE users SET ? WHERE id = 2
with some parameters. I imagine that what is expected is passing query UPDATE users SET name=?,email=?,password=?,functionality=?,accessRights=? WHERE id = 2
with some parameters.
Sequelize build query depending on parameters. So depending on your sequelize version, check documentation like here it might be something like :
await sequelize.query(
'UPDATE users SET name=?,email=?,password=?,functionality=?,accessRights=? WHERE id = ?',
{
replacement: [
twoWayEncrypt(user.name),
twoWayEncrypt(user.email),
user.password,
user.functionality ? JSON.stringify(user.functionality) : undefined,
user.accessRights ? JSON.stringify(user.accessRights) : undefined,
user.id,
]
},
type: QueryTypes.UPDATE,
);
thank you, I'll give it a try
if i'm wrong and that not sequelize at all ('autoJsonMap' made me thing of that) then that's a little bit different. either do :
const queryResult = await connection.query(
'UPDATE users SET name=?,email=?,password=?,functionality=?,accessRights=? WHERE id = ?',
[
twoWayEncrypt(user.name),
twoWayEncrypt(user.email),
user.password,
user.functionality ? JSON.stringify(user.functionality) : undefined,
user.accessRights ? JSON.stringify(user.accessRights) : undefined,
user.id,
},
)
or passing named parameters:
const queryResult = await connection.query(
{ namedPlaceholders: true, sql:'UPDATE users SET name=:name,email=:email,password=:password,functionality=:functionality,accessRights=:accessRights WHERE id = :id'},
{
name: twoWayEncrypt(user.name),
email: twoWayEncrypt(user.email),
password: user.password,
functionality: user.functionality ? JSON.stringify(user.functionality) : undefined,
accessRights: user.accessRights ? JSON.stringify(user.accessRights) : undefined,
id: user.id
},
)
I tried both of these with the same error. So what I ended up doing is the following:
let setValues = []
setValues.push(user.name ? `name = "${twoWayEncrypt(user.name)}"` : undefined)
...
setValues.push(
user.functionality ? `functionality = '${JSON.stringify(user.functionality)}'` : undefined,
)
setValues = setValues.filter(v => v)
await connection.query({
sql: `UPDATE users SET ` + setValues.join(', ') + ` WHERE id = ${user.id}`,
autoJsonMap: true,
})
This works and is not as badly readable as I imagined.
If ^^ works for you, i would still recommand passing parameters in order to prevent SQL injection.
Hahaha, nice comic strip!
Yea SQL injection might be a problem. I'm already checking it at multiple places, but more doesn't hurt. Thank you!
Hello, I am creating an
UPDATE
query as follows:which results in the following error:
I don't see the problem and I couldn't find any documentation on this issue.