我想使用 Sequelize 执行原始查询,并使用替换参数(replacements)来避免 SQL 注入:
// Raw query with named replacements. Replacements are escaped and quoted as
// values: :name becomes the string literal 'test', and :age / :direction are
// quoted the same way, so the statement ends in ORDER BY 'age' 'desc'.
// A column name or a sort keyword cannot be supplied through a replacement;
// those parts have to be chosen in code from a fixed allow-list instead.
const sequelize = require('sequelize');

const sql = "SELECT * FROM table where name =:name ORDER BY :age:direction";
const queryOptions = {
  replacements: { name: "test", age: "age", direction: "desc" },
  type: sequelize.QueryTypes.SELECT,
};

sequelize.query(sql, queryOptions);
这将转换为以下查询
SELECT *
FROM table
WHERE name = 'test'
ORDER BY 'age' 'desc'
由于 ORDER BY 中的列名和排序方向都被加上了单引号(replacements 会把它们当作字符串值转义,而不是当作标识符或关键字),Postgres 抛出错误
任何人都可以建议我如何使用替换来解决这个问题?
答案 0 :(得分:0)
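作为一种解决方法,我分别构建了查询主体和排序子句,然后按如下方式将它们拼接起来。需要注意的是,排序列和排序方向是直接拼进 SQL 文本的,因此它们只能取自代码中固定的白名单(允许排序的列名,以及 ASC/DESC),不能直接使用外部输入;其余的值仍然通过 replacements 绑定: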
$ perl dummy.pl "2019-01-01 01:02:03"
UTC : 2019-01-01 01:02:03 UTC (UTC +0000)
Europe/Helsinki : 2019-01-01 03:02:03 EET (UTC +0200)
Europe/London : 2019-01-01 01:02:03 GMT (UTC +0000)
America/New_York : 2018-12-31 20:02:03 EST (UTC -0500)
America/Los_Angeles : 2018-12-31 17:02:03 PST (UTC -0800)
Asia/Tokyo : 2019-01-01 10:02:03 JST (UTC +0900)
# example in summer to show "BST"
$ perl dummy.pl "2018-06-01 01:02:03"
UTC : 2018-06-01 01:02:03 UTC (UTC +0000)
Europe/Helsinki : 2018-06-01 04:02:03 EEST (UTC +0300)
Europe/London : 2018-06-01 02:02:03 BST (UTC +0100)
America/New_York : 2018-05-31 21:02:03 EDT (UTC -0400)
America/Los_Angeles : 2018-05-31 18:02:03 PDT (UTC -0700)
Asia/Tokyo : 2018-06-01 10:02:03 JST (UTC +0900)
正在玩manifest.json
{
"short_name": "AJC",
"name": "AJC Properties",
"icons": [
{
"src": "AJC_favicon.ico",
"sizes": "32x32 24x24 16x16",
"type": "image/x-icon"
}, {
"src": "/images/AJC_LogoLG_FINAL_SQUARE_64.png",
"sizes": "64x64",
"type": "image/png"
}, {
"src": "/images/AJC_LogoLG_FINAL_SQUARE_192.png",
"sizes": "192x192",
"type": "image/png"
}, {
"src": "/images/AJC_LogoLG_FINAL_SQUARE_512.png",
"sizes": "512x512",
"type": "image/png"
}
],
"start_url": ".",
"scope": "/",
"display": "standalone",
"theme_color": "#000000",
"background_color": "#ffffff"
}