Closed zoobot closed 6 years ago
You need to escape the values you are inserting into the SQL or you'll have SQL syntax errors. See escaping section.
When i get to a computer i can provide an example too
Example:
let query = `INSERT INTO myTAble SET
myID = ${mysql.escape(id)},
name = ${mysql.escape(customer_name)},
email = ${mysql.escape(customer_email)},
ON DUPLICATE KEY UPDATE
name = ${mysql.escape(customer_name)},
email = ${mysql.escape(customer_email)}`;
Of course you can use the placeholder syntax instead:
let query = mysqk.format(`INSERT INTO myTAble SET
myID = ?,
name = ?,
email = ?,
ON DUPLICATE KEY UPDATE
name = ?,
email = ?`, [id, customer_name, customer_email, customer_name, customer_email]);
var toUnnamed = require('named-placeholders')();
let [query, values] = toUnnamed(`INSERT INTO myTAble SET
myID = :id,
name = :customer_name,
email = :customer_email,
ON DUPLICATE KEY UPDATE
name = :customer_name,
email = :customer_email`, { id, customer_name, customer_email });
Thanks @dougwilson !! mysql.escape is a bit verbose... named placeholders and placeholders looks a bit cleaner and more readable though still have to worry about order with placeholder. I had given up on string templates and used placeholder set as an options array populated by my object. Wish I could just do string templates without escapes, that way I wouldn't have to worry about order or messing up which fields I have in the dataobject.
or if you are too lazy to type mysql.escape
@zoobot you can automate it like this:
const escape = (strings, ...values) =>
strings
.map((s, index) => (index < values.length ? `${s}${mysql.escape(values[index])}` : s))
.join("");
let query = escape`INSERT INTO myTAble SET
myID = ${id},
name = ${customer_name},
email = ${customer_email},
ON DUPLICATE KEY UPDATE
name = ${customer_name},
email = ${customer_email}`;
see https://medium.freecodecamp.org/es6-tagged-template-literals-48a70ef3ed4d for example
I am definitely too lazy to type mysql.escape. This looks cool thanks @sidorares , that looks like it can be used for a lot of things
hi, I have been struggling to make template strings work in insert and update queries and wondering if I am just doing it wrong or is it not supported? THANKS for any input.
https://dev.mysql.com/doc/refman/8.0/en/insert.html
Here's what I was attempting but could not get to work:
Also tried these to no avail: