mysqljs / mysql

A pure node.js JavaScript Client implementing the MySQL protocol.
MIT License

how do i use "?" as variables for my values so that i don't get hacked? #2430

Closed AntoCrasher closed 3 years ago

AntoCrasher commented 3 years ago

I was wondering how do I use question marks so that I don't get hacked, because when I use this:

SQL = "INSERT INTO users (id, username) VALUES ( " + message.author.id + ", " + message.author.username + ")"

it gives me an error:

Unknown column '(my username)' in 'field list'

I know you will say that there is already a post like this, but I am kinda a beginner still so I don't understand what they are saying.

dougwilson commented 3 years ago

https://github.com/mysqljs/mysql#escaping-query-values

AntoCrasher commented 3 years ago

thanks
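The "?" placeholder form from the linked README section, applied to the INSERT in the question, as an added example that is not part of the original thread or the project's code. The sample `message` object, the `recordingConnection` stand-in and the `MYSQL_*` environment variable names are assumptions made so the block runs offline.

```javascript
// SQL text is a constant; user data never becomes part of this string.
const INSERT_USER = 'INSERT INTO users (id, username) VALUES (?, ?)';

// The question's concatenation, kept only for comparison. The username lands
// in the statement unquoted, so MySQL parses it as a column name
// ("Unknown column ... in 'field list'").
function concatenatedSql(message) {
  return 'INSERT INTO users (id, username) VALUES ( ' +
    message.author.id + ', ' + message.author.username + ')';
}

// Placeholder form: connection.query(sql, values, callback) escapes each
// value and substitutes it for the matching "?", in order.
function insertUser(connection, message, callback) {
  const values = [message.author.id, message.author.username];
  return connection.query(INSERT_USER, values, callback);
}

// Constructed sample input; the apostrophe is the kind of character that
// would also break a hand-quoted concatenation.
const sampleMessage = { author: { id: '123456789012345678', username: "Anto O'Crasher" } };

// Hypothetical stand-in that records the call instead of contacting a server.
function recordingConnection() {
  const calls = [];
  return { calls, query(sql, values, callback) {
    calls.push({ sql, values });
    if (callback) callback(null, { affectedRows: 1 });
  } };
}

function demo() {
  const conn = recordingConnection();
  insertUser(conn, sampleMessage, () => {});
  return { concatenated: concatenatedSql(sampleMessage), parameterized: conn.calls[0] };
}
console.log(demo());

// Real insert, only when a server is configured (env names are assumptions).
if (process.env.MYSQL_HOST) {
  const mysql = require('mysql');
  const connection = mysql.createConnection({
    host: process.env.MYSQL_HOST, user: process.env.MYSQL_USER,
    password: process.env.MYSQL_PASSWORD, database: process.env.MYSQL_DATABASE,
  });
  insertUser(connection, sampleMessage, (err) => { if (err) throw err; connection.end(); });
}
```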