使用转义的req.body值数组的mysql上的INSERT上的SQL语法错误

时间:2018-11-08 15:20:52

标签: mysql node.js insert escaping

预先感谢您查看此问题!因此,我试图将一行数据插入到名为raw_base的表中。

代码如下:

const express = require('express');
const router = express.Router();
const mysql = require('mysql');

// Import MySQL Options
const options = require('../db_options');

const connection = mysql.createConnection(options);

router.post('/raw', (req, res) => {
    let data = [
        `${connection.escape(req.body[0].opened)}`,
        `${connection.escape(req.body[0].funding_source)}`,
        `${connection.escape(req.body[0].replace_existing_device)}`,
        `${connection.escape(req.body[0].project)}`,
        `${connection.escape(req.body[0].department)}`,
        `${connection.escape(req.body[0].ritm_number)}`,
        `${connection.escape(req.body[0].item)}`,
        `${connection.escape(req.body[0].category)}`,
        `${connection.escape(req.body[0].quantity)}`,
        `${connection.escape(req.body[0].price)}`,
        `${connection.escape(req.body[0].closed)}`
    ];

    connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES ?', [data], (error, results, fields) => {
                if (error) throw error;
                console.log(results);
            });

因此,我收到以下错误:

  

错误:ER_PARSE_ERROR:您的SQL语法有错误;检查与您的MySQL服务器版本相对应的手册以在''\'2018-07-26 13:34:33 \'','127548298','0','0','\'附近使用正确的语法Psychiatry Admin-Central \'',''在第1行

如果;但是,我不会转义数据数组中的值,而是在sql INSERT查询中的值周围添加单引号,效果很好(像这样):

connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES ('
    + '\'' + req.body[0].opened + '\', '
    + '\'' + req.body[0].funding_source + '\', '
    + '\'' + req.body[0].replace_existing_device + '\', '
    + '\'' + req.body[0].project + '\', '
    + '\'' + req.body[0].department + '\', '
    + '\'' + req.body[0].ritm_number + '\', '
    + '\'' + req.body[0].item + '\', '
    + '\'' + req.body[0].category + '\', '
    + '\'' + req.body[0].quantity + '\', '
    + '\'' + req.body[0].price + '\', '
    + '\'' + req.body[0].closed + '\')'
    , (error, results, fields) => {
        if (error) throw error;
        console.log(results);
    });

我也曾尝试在数据数组中的每个值周围添加单引号,但是没有运气。我认为这是一个简单的语法问题,但是我似乎无法确切地指出我要去哪里。再次感谢您的帮助!

以下是数据数组中的值(来自req.body [0]):

  

['\'2018-07-26 13:34:33 \'',     '127548298',     '0',     '0',     '\'精神病学管理中心\',     '\'RITM0023102 \'',     '\'HP USB键盘\',     '\'配件\'',     '6',     '14',     '\'2018-08-22 12:51:40 \'']

2 个答案:

答案 0 :(得分:1)

我认为您错过了的()?在您的查询中。
试试这个

const express = require('express');
const router = express.Router();
const mysql = require('mysql');

// Import MySQL Options
const options = require('../db_options');

const connection = mysql.createConnection(options);

router.post('/raw', (req, res) => {
    let data = [
        connection.escape(req.body[0].opened),
        connection.escape(req.body[0].funding_source),
        connection.escape(req.body[0].replace_existing_device),
        connection.escape(req.body[0].project),
        connection.escape(req.body[0].department),
        connection.escape(req.body[0].ritm_number),
        connection.escape(req.body[0].item),
        connection.escape(req.body[0].category),
        connection.escape(req.body[0].quantity),
        connection.escape(req.body[0].price),
        connection.escape(req.body[0].closed)
    ];

    connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES (?)', [data], (error, results, fields) => {
                if (error) throw error;
                console.log(results);
            });

编辑:从字符串中提取连接。转义。

答案 1 :(得分:0)

从数据数组中完全删除了connection.escape()(在进行更多研究时,似乎不必对这些值进行转义):

const express = require('express');
const router = express.Router();
const mysql = require('mysql');

// Import MySQL Options
const options = require('../db_options');

const connection = mysql.createConnection(options);

router.post('/raw', (req, res) => {
    let data = [
        req.body[0].opened,
        req.body[0].funding_source,
        req.body[0].replace_existing_device,
        req.body[0].project,
        req.body[0].department,
        req.body[0].ritm_number,
        req.body[0].item,
        req.body[0].category,
        req.body[0].quantity,
        req.body[0].price,
        req.body[0].closed
    ];

    connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES (?)', [data], (error, results, fields) => {
                if (error) throw error;
                console.log(results);
            });
相关问题
最新问题