Closed dxataclub closed 3 years ago
Hi @templar-git a single ? is for a value, but a double ?? is for an identifier. You should be using ?? for that position. You can read more about how this module works here: https://github.com/mysqljs/sqlstring#escaping-query-identifiers
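The difference between the two placeholder kinds, as an added example that is not part of the original thread and is not sqlstring's own source: `escapeValue`, `escapeId` and `format` below are simplified local stand-ins for the value and identifier escaping described above, and the table name and id are constructed sample input.

```javascript
// Simplified model of ? and ?? handling (assumption: not sqlstring's source).

// Value position: strings become quoted SQL string literals.
function escapeValue(v) {
  if (v === null || v === undefined) return 'NULL';
  if (typeof v === 'number') return String(v);
  const s = String(v).replace(/[\0\n\r\x1a"'\\]/g, (c) => ({
    '\0': '\\0', '\n': '\\n', '\r': '\\r', '\x1a': '\\Z',
    '"': '\\"', "'": "\\'", '\\': '\\\\',
  }[c]));
  return "'" + s + "'";
}

// Identifier position: backtick-quoted, embedded backticks doubled,
// dots treated as qualifier separators (db.table).
function escapeId(name) {
  return String(name).split('.')
    .map((part) => '`' + part.replace(/`/g, '``') + '`')
    .join('.');
}

// Substitute placeholders left to right: ?? -> identifier, ? -> value.
function format(sql, values) {
  let i = 0;
  return sql.replace(/\?+/g, (m) => {
    if (m.length > 2 || i >= values.length) return m; // leave untouched
    const v = values[i++];
    return m.length === 2 ? escapeId(v) : escapeValue(v);
  });
}

// Constructed sample input: table name and id supplied at runtime.
const table = 'users';
const id = 42;

// Value placeholder in identifier position: a string literal lands where
// MySQL expects a table name, which the server rejects with ER_PARSE_ERROR.
const wrong = format('SELECT * FROM ? WHERE id = ?', [table, id]);

// Identifier placeholder for the table, value placeholder for the id.
const right = format('SELECT * FROM ?? WHERE id = ?', [table, id]);

console.log(wrong); // SELECT * FROM 'users' WHERE id = 42
console.log(right); // SELECT * FROM `users` WHERE id = 42
```
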
Thank you @dougwilson
I'm using sqlstring.escape() to escape unpredicted input. This function wraps the input with quotes '', which is causing the node mysql driver to throw ER_PARSE_ERROR.
mysql server version: 8.0.23-0ubuntu0.20.04.1
sqlstring version: 2.3.2
Here is a code example:
Thank you.