LIKE SQL语法中的错误

时间:2015-10-27 12:17:42

标签: mysql sql node.js

我正在使用nodeJs和mysql包。

我想使用带有varibale的LIKE sql语句。

这是源代码:

var likemobile = '%'+mobile;
var query = "SELECT vtiger_contactaddress.contactaddressid as 'leadid', 
                    vtiger_contactaddress.mobile,
                    vtiger_contactaddress.phone 
             FROM `vtiger_contactaddress` 
             INNER JOIN `vtiger_crmentity` 
                 ON vtiger_crmentity.crmid=vtiger_contactaddress.contactaddressid AND 
                    vtiger_crmentity.deleted=0 AND 
                    vtiger_contactaddress.mobile LIKE "+likemobile+" OR 
                    vtiger_contactaddress.phone LIKE "+likemobile;

这是返回的错误:

Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual th
at corresponds to your MySQL server version for the right syntax to use near '%8
8436500 OR vtiger_leadaddress.phone LIKE %88436500' at line 1

5 个答案:

答案 0 :(得分:4)

您需要将相似的模式用单引号括起来。

另外两个建议:

  • 仅对字符串和日期常量使用单引号(不是列别名)。
  • 使用参数化查询,因此您不会将用户输入放入查询字符串中。

答案 1 :(得分:1)

try this..

         var likemobile = mobile;

var query = "SELECT vtiger_contactaddress.contactaddressid as 'leadid', 
                vtiger_contactaddress.mobile,
                vtiger_contactaddress.phone 
         FROM `vtiger_contactaddress` 
         INNER JOIN `vtiger_crmentity` 
             ON vtiger_crmentity.crmid=vtiger_contactaddress.contactaddressid AND 
                vtiger_crmentity.deleted=0 AND 
                vtiger_contactaddress.mobile LIKE '% "+likemobile+"%'  OR 
                vtiger_contactaddress.phone LIKE '%"+likemobile +"%'";

答案 2 :(得分:1)

@Gordon Linoff是对的。有人这样:

var likemobile = mobile;
var query = "SELECT vtiger_contactaddress.contactaddressid as 'leadid', vtiger_contactaddress.mobile, vtiger_contactaddress.phone FROM `vtiger_contactaddress` INNER JOIN `vtiger_crmentity` ON vtiger_crmentity.crmid=vtiger_contactaddress.contactaddressid AND vtiger_crmentity.deleted=0 AND vtiger_contactaddress.mobile LIKE '%"+likemobile+"%' OR vtiger_contactaddress.phone LIKE '%"+likemobile+"%'";

答案 3 :(得分:1)

... AND vtiger_contactaddress.mobile LIKE '%" + likemobile + "%' OR vtiger_contactaddress.phone LIKE %" + likemobile + "%";

答案 4 :(得分:1)

如果您确实在使用node-mysql,则应按the documentation中的说明运行查询。假设您已经有一个connection对象,使用绑定变量进行查询变得很简单:

connection.query({
  sql : "SELECT vtiger_contactaddress.contactaddressid as leadid, "
                   + " vtiger_contactaddress.mobile, "
                   + " vtiger_contactaddress.phone "
             + "FROM `vtiger_contactaddress` "
             + "INNER JOIN `vtiger_crmentity` "
             + "  ON vtiger_crmentity.crmid=vtiger_contactaddress.contactaddressid"
             + " AND vtiger_crmentity.deleted=0 AND "
             + "       (vtiger_contactaddress.mobile LIKE concat('%', ?) OR "
             + "       vtiger_contactaddress.phone LIKE concat('%', ?))",
  values: [mobile, mobile]
}, function (error, results, fields) {
  // error will be an Error if one occurred during the query
  // results will contain the results of the query
  // fields will contain information about the returned results fields (if any)
});

此处需要注意的事项:

  • 使用绑定变量,阻止SQL Injection
  • concat函数用于为(已清理的)输入添加通配符(%)前缀
  • OR编辑在一起的两个查询条件现在用vtiger_crmentity.deleted=0的括号分隔,这可能是您想要的
  • 您需要在回调函数中编写结果集处理代码,通过resultsfields变量访问数据