Search code examples
javascriptsqlsql-servernode.jsprepared-statement

NodeJS MSSQL WHERE IN Prepared SQL Statement

I am use nodejs npm package sql I currently have an array of product skus like so..

var skus = ['product1', 'product2', 'product3'];

My sql store in a file as follows...

SELECT *
FROM stock AS s
WHERE s.sku IN (@skus)

Then I also have my prepared statement code as follows..

var connection = new sql.Connection(config, function(err) {
        var ps = new sql.PreparedStatement(connection);
        //Add params
        if(params != undefined){
            for(var key in params){
                ps.input(key, sql.VarChar(200));
            }
        }
        ps.prepare(sqlstatement, function(err) {
            ps.execute(params, function(err, data) {
                callback(null, data);
                ps.unprepare(function(err) {
                });
            });
        });
    });
}

skus is contained correctly within the params object as the statement works fine when I am using it for simple WHERE X = @YI am just struggling with how I need pass the array of skus to allow them to work in the prepared statement.

I am amend the string using split and join to comma seperate them etc etc but I can't get these methods to work.

I assumed that I would need the param string to look like the following 'product1','product2','product3'.

would be also useful if someone could shed some light on how to debug the completed prepared statement so I can see what is actually being queried to SQL (with params inplace)

Many thanks in advance!

Solution

  • It appears that the sql object (i.e. the mssql module) has no attribute to handle arrays of anything. Moreover, specifying a scalar type in the call to ps.input similarly does not work.

    The next best thing is to build keys for your array of parameters into your sql statement itself:

    var connection = new sql.Connection(config, function(err) {
        var ps = new sql.PreparedStatement(connection);
        // Construct an object of parameters, using arbitrary keys
        var paramsObj = params.reduce((obj, val, idx) => {
            obj[`id${idx}`] = val;
            ps.input(`id${idx}`, sql.VarChar(200));
            return obj;
        }, {});
        // Manually insert the params' arbitrary keys into the statement
        var stmt = 'select * from table where id in (' + Object.keys(paramsObj).map((o) => {return '@'+o}).join(',') + ')';
        ps.prepare(stmt, function(err) {
            ps.execute(paramsObj, function(err, data) {
                callback(null, data);
                ps.unprepare(function(err) {
                });
            });
        });
    });
}