我已经创建了一个Webhook,以使用Node.JS在此处接收一些数据。我使用MySQL存储数据,到目前为止,服务器能够连接到数据库,接收客户端数据,并在接收到数据后做出适当的响应。我只是在格式化MySQL查询字符串时遇到问题。
我尝试了多种引号配置,例如不将列名用单引号引起来,不将表名不包裹以及在查询字符串的每个部分的双引号和单引号之间切换。
任何建议将不胜感激!谢谢!
我的查询
var sql = "INSERT INTO 'cms'('ts', 'orgid', 'orgname', 'deviceid', 'devicename', 'event', 'setid', 'setname', 'viewid', 'viewname', 'duration', 'hotspotid', 'hotspotname', 'playlistid', 'playlistname', 'playlisttype', 'playlistassetid', 'playlisttitle') VALUES ("+timestamp+", "+orgid+", "+orgname+", "+deviceid+", "+devicename+", "+eventname+", "+setid+", "+setname+", "+viewid+", "+viewname+", "+duration+", "+hotspotid+", "+hotspotname+", "+playlistid+", "+playlistname+", "+playlisttype+", "+playlistassetid+", "+playlisttitle+")";
con.query(sql, function (err, result) { //Queries String with MySQL connection variable con
if (err) throw err;
var date = new Date();
var currHour = date.getHours();
console.log("Record Inserted at " + currHour); //Logs time of db insertion on console
});
这也是错误:
Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''cms'('ts', 'orgid', 'orgname', 'deviceid', 'devicename', 'event', 'setid', 'set' at line 1
at Query.Sequence._packetToError (/home/webhook/httpHandler/node_modules/mysql/lib/protocol/sequences/Sequence.js:47:14)
at Query.ErrorPacket (/home/webhook/httpHandler/node_modules/mysql/lib/protocol/sequences/Query.js:77:18)
at Protocol._parsePacket (/home/webhook/httpHandler/node_modules/mysql/lib/protocol/Protocol.js:278:23)
at Parser.write (/home/webhook/httpHandler/node_modules/mysql/lib/protocol/Parser.js:76:12)
at Protocol.write (/home/webhook/httpHandler/node_modules/mysql/lib/protocol/Protocol.js:38:16)
at Socket.<anonymous> (/home/webhook/httpHandler/node_modules/mysql/lib/Connection.js:91:28)
at Socket.<anonymous> (/home/webhook/httpHandler/node_modules/mysql/lib/Connection.js:502:10)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at addChunk (_stream_readable.js:263:12)
--------------------
at Protocol._enqueue (/home/webhook/httpHandler/node_modules/mysql/lib/protocol/Protocol.js:144:48)
at Connection.query (/home/webhook/httpHandler/node_modules/mysql/lib/Connection.js:200:25)
at IncomingMessage.<anonymous> (/home/webhook/httpHandler/server.js:70:9)
at emitNone (events.js:106:13)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9)
答案 0 :(得分:0)
我想问题在于此代码:
VALUES ("+timestamp.toString()+"
您能尝试逃脱那些双重法定字符吗?
答案 1 :(得分:0)
我的第一个建议是制作一个带有参数的存储过程,而不是让自己接受SQL注入。
我的第二个建议是标准化表格。如果要同时添加ID和Name而不是表的关键数据,那么这是一个错误的设计。
除此之外,Roi是对的。您需要将多个值用转义引号引起来:
var sql =“在cms中插入(ts,orgid,orgname,deviceid,devicename,event,setid,setname,viewid,viewname)。 ,持续时间,hotspotid,hotspotname,playlistid,playlistname,playlisttype,playlistassetid和playlisttitle值(“ + timestamp.toString()+”,“ + orgid +” “,”“ + orgname +”“,” + deviceid +“,”“ + devicename +”“,”“ + eventname +”“,” + setid +“,”“ + setname +”“,” + viewid +“,”“ + viewname +” ',“ + duration +”,“ + hotspotid +”,“” + hotspotname +“”,“ + playlistid +”,“” + playlistname +“”,“” + playlisttype +“,” + playlistassetid +“,”“ + playlisttitle +”“)) “
答案 2 :(得分:0)
我会做这样的事情。
var sql = `INSERT INTO 'cms'('ts', 'orgid', 'orgname', 'deviceid', 'devicename', 'event', 'setid', 'setname', 'viewid', 'viewname', 'duration', 'hotspotid', 'hotspotname', 'playlistid', 'playlistname', 'playlisttype', 'playlistassetid', 'playlisttitle') VALUES ("${timestamp}", "${orgid}" ...)`;