Heey all, I have a quick question concerning simple/double quotes in javascript, using NodeJS and MySQL database.. here's my code
app.get('/AddCollection', function (req, res) {
var queryData = url.parse(req.url , true).query;
connection.query("INSERT IGNORE INTO collections VALUES ('" +queryData.nom+ "' ,'" +queryData.categorie+ "','" +queryData.description+ "','" + queryData.urlimage+"')", function (err, result) {
if (err) throw err;
res.json("Vous avez ajouté "+queryData.categorie+"et"+queryData.description+"et"+queryData.objet+"a la table");
}
);
});<script src="https://cdnjs.cloudflare.com/ajax/libs/react/15.1.0/react.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/15.1.0/react-dom.min.js"></script>delete query :
app.get('/DeleteCollection', function (req, res) {
var queryData = url.parse(req.url , true).query;
connection.query("DELETE FROM `collections` WHERE `collections`.`nom` ='"+queryData.nom+"'", function (err, result) {
if (err) throw err;
res.json("Vous avez ajouté supprimé la collection"+ queryData.nom);
}
);
});Thing is that I already used simple and double quotes for the call.
So for example, if queryData.nom or queryData.categorie is equal to the heroes' places then the code won't work as it will confuse the simple quotes..
How do I fix that?
Parameterize your query
connection.query("INSERT IGNORE INTO collections VALUES (?, ?, ?, ?)", [queryData.nom, queryData.categorie, queryData.description, queryData.urlimage], function (err, result) {
if (err) throw err;
res.json("Vous avez ajouté "+queryData.categorie+"et"+queryData.description+"et"+queryData.objet+"a la table");
}
);