SQL syntax error when executing a query (SQL injection)?

Time: 2017-03-24 11:40:24

Tags: mysql node.js mysql-error-1064

QUERY:

    model.client.query("SELECT ( 6371 * acos( cos( radians(:latitude) ) * cos( radians( latitude ) ) * cos( radians(longitude ) - radians(:longitude) ) + sin( radians(:latitude) ) * sin( radians( latitude) ) ) ) AS distance FROM offers where  isActive= :isActive ",{'latitude': latitude, 'longitude': longitude,'isActive':1},function (err,rows) {
        console.log(err);
    });

Error

{ Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':latitude) ) * cos( radians( latitude ) ) * cos( radians(longitude ) - radians(:' at line 1

1 answer:

Answer 0 (score: 0)

    // "?" placeholders are positional: latitude is used twice in the SQL,
    // so it appears twice in the values array. isActive is 1, as in the question.
    model.client.query("SELECT ( 6371 * acos( cos( radians(?) ) * cos( radians( latitude ) ) * cos( radians(longitude ) - radians(?) ) + sin( radians(?) ) * sin( radians( latitude) ) ) ) AS distance FROM offers where  isActive= ? ",[latitude,longitude,latitude,1],function (err,rows) {
        console.log(err);
    });
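
The rewrite the answer performs by hand, as an added example that is not part of the original question or answer: it converts the question's `:name` placeholders into `?` placeholders plus the ordered values array, so values stay bound parameters and are never concatenated into the SQL. `toPositional` is a hypothetical helper name and the coordinates are constructed sample values; it assumes the driver behind `model.client` accepts `?` placeholders with a values array, as the answer's code does.

```javascript
// Added example. toPositional is a hypothetical helper, not a driver API.
// It rewrites ":name" placeholders into "?" and builds the ordered values array.
function toPositional(sql, params) {
  const values = [];
  // Quoted strings and backtick identifiers are matched first and copied
  // unchanged, so a ":" inside a literal is never treated as a placeholder.
  const re = /'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"|`[^`]*`|:([A-Za-z_]\w*)/g;
  const text = sql.replace(re, (match, name) => {
    if (name === undefined) return match;
    if (!Object.prototype.hasOwnProperty.call(params, name)) {
      // Fail here instead of sending ":name" to the server (ER_PARSE_ERROR).
      throw new Error("no value supplied for placeholder :" + name);
    }
    values.push(params[name]); // one entry per occurrence, in SQL order
    return "?";
  });
  return { sql: text, values };
}

// The query from the question, split across lines for readability.
const QUESTION_SQL =
  "SELECT ( 6371 * acos( cos( radians(:latitude) ) * cos( radians( latitude ) ) " +
  "* cos( radians(longitude ) - radians(:longitude) ) " +
  "+ sin( radians(:latitude) ) * sin( radians( latitude) ) ) ) AS distance " +
  "FROM offers where  isActive= :isActive ";

// Constructed sample coordinates.
function demo() {
  return toPositional(QUESTION_SQL, { latitude: 48.85, longitude: 2.35, isActive: 1 });
}

const bound = demo();
console.log(bound.sql);
console.log(bound.values);
// With the page's client: model.client.query(bound.sql, bound.values, callback)
```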