I have this code in my project
app.post('/history/form/confirm', isLoggedIn, (req,res)=>{
let code = req.body.pcode,
quanti = req.body.qty,
price = req.body.price,
cust = req.body.orderedBy,
oDate = req.body.orderDate;
[code].forEach((product, index, arr) =>{
const q = quanti[index];
let sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date)
VALUES (`+con.escape(product)+`, (SELECT productName FROM inventory.receive WHERE productCode = `+con.escape(product)+`), (SELECT unitPrice FROM inventory.receive WHERE productCode = `+con.escape(product)+`), `+con.escape(q)+`,`+con.escape(price)+`,`+con.escape(cust)+`,`+con.escape(oDate)+`)`
con.query(sql, (err,result)=>{
if (!err){
req.flash('historyMessage', 'Order Created')
res.redirect('/admin/history')
}
else{
res.status(404).send(err);
}
})
})
});
let sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date) VALUES (`+con.escape(product)+`, (SELECT productName FROM inventory.receive WHERE productCode = `+con.escape(product)+`), (SELECT unitPrice FROM inventory.receive WHERE productCode = `+con.escape(product)+`), `+con.escape(q)+`,`+con.escape(price)+`,`+con.escape(cust)+`,`+con.escape(oDate)+`)`
then i get this error
it adds two more columns to VALUES even if I only have 8 columns on my table and the id is on auto increment
What could be the culprit?
I tried other ways of coding like not having a subquery and it still adds those 3 extra values for some reason
HERE is the code from my other project but I didn't use Select because I didnt get the other values from other tables
.post("/send-data", (req,res)=>{
let order = req.body.OrderNo;
let quantity = req.body.quantity;
let first = req.body.fname,
last = req.body.lname,
contact = req.body.Contact,
email = req.body.emailAdd,
fb = req.body.facebook,
date = req.body.date,
delivery = req.body.delivery,
payment = req.body.payment,
time = req.body.time,
address = req.body.address;
[order].forEach((product, index, arr)=>{
const q = quantity[index];
let sql = "INSERT INTO foodorder.orders (" +
"food_id," +
" qty,"+
" customer_FName," +
" customer_LName," +
" customer_address," +
" customer_number," +
" customer_email," +
" customer_facebook," +
" order_date," +
" delivery_option," +
" mode_of_payment," +
" delivery_time" +
") VALUES (" +
con.escape(product) + `,` +
con.escape(q) + `,` +
con.escape(first) + `,` +
con.escape(last) + `,` +
con.escape(address) + `,` +
con.escape(contact) + `,` +
con.escape(""+email) + `,` +
con.escape(fb) + `,` +
con.escape(date) + `,` +
con.escape(delivery) + `,` +
con.escape(payment) + `,` +
con.escape(time) +
`)`;
con.query(sql, (err,result) => {
if(!err){
res.redirect('thankyou.html');
}
else{
res.status(404).send('ERROR. Please Go back and Order Again');
}
})
})
});
For Barmar's Answer
const dbconfig = require('../config/database');
const mysql = require('mysql2');
const con = mysql.createConnection(dbconfig.connection);
con.query('USE ' + dbconfig.database);
module.exports = function(app, passport) {
app.use((req, res, next)=>{
res.locals.filterdata;
next();
})
// LOGIN =========================
// ===============================
app.get('/', (req,res) =>{
res.redirect('/login');
});
app.get('/login', function(req, res) {
res.render(process.cwd() + '/pages/login', { message: req.flash('loginMessage') });
});
app.post('/login', passport.authenticate('local-login', {
successRedirect : '/profile',
failureRedirect : '/login',
failureFlash : true
}),
function(req, res) {
console.log("someone logged in");
if (req.body.remember) {
req.session.cookie.maxAge = 1000 * 60 * 3;
} else {
req.session.cookie.expires = false;
}
res.redirect('/');
});
// FORGOT PW =======================
// =================================
app.get('/forgot', function(req, res) {
res.render(process.cwd() + '/pages/forgot');
});
// PAGE ROUTES =====================
// =================================
app.get('/profile', isLoggedIn, (req, res)=> {
if (req.isAuthenticated() && (req.user.isAdmin === 1)) {
res.redirect('/admin');
}
else{
res.redirect('/cashier');
}
});
// ADMIN ROUTES =====================
// ==================================
app.get('/admin', isLoggedIn, (req,res)=>{
let sql = "SELECT * FROM orders"
con.query(sql, (err,result)=>{
if(!err){
res.render(process.cwd() + '/pages/admin/history', {
data:result,
user: req.user,
message: req.flash('historyMessage')
});
}
else{
res.status(404).send(err);
}
});
});
app.get('/admin/history', isLoggedIn, (req,res)=>{
let sql = "SELECT * FROM orders"
con.query(sql, (err,result)=>{
if(!err){
res.render(process.cwd() + '/pages/admin/history', {
data:result,
user: req.user,
message: req.flash('historyMessage')
});
}
else{
res.status(404).send(err);
}
});
});
app.get('/history/form', isLoggedIn,(req,res)=>{
let sql = "SELECT * FROM receive"
let sql2 = "SELECT * FROM orders"
con.query(sql, (err,result)=>{
con.query(sql2, (err2,result2)=>{
if(!err){
res.render(process.cwd() + '/pages/admin/form', {data2:result2, data:result, user: req.user});
}
else{
res.status(404).send(err, err2);
}
})
});
});
app.post('/history/form/confirm', isLoggedIn, (req,res)=>{
let code = req.body.pcode,
quanti = req.body.qty,
price = req.body.price,
cust = req.body.orderedBy,
oDate = req.body.orderDate;
[code].forEach((product, index, arr) =>{
const q = quanti[index];
let sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date)
SELECT ?, productName, unitPrice, ?, ?, ?, ?
FROM inventory.receive
WHERE productCode = ?`;
console.log(sql);
con.query(sql,[product, q, price, cust, oDate], (err,result)=>{
if (!err){
req.flash('historyMessage', 'Order Created')
res.redirect('/admin/history')
}
else{
console.log(sql);
res.status(404).send(err);
}
})
})
});
app.post('/history/form/confirmPrint', isLoggedIn, (req,res)=>{
let code = req.body.pcode, name = req.body.pname, unit = req.body.punit,
qty = req.body.qty, price = req.body.price, cust = req.body.orderedBy, oDate = req.body.orderDate;
[code].forEach((product, index, arr) =>{
const q = qty[index];
let sql = "INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date) VALUES (?,?,?,?,?,?,?)"
con.query(sql,[product, name, unit, q, price, cust, oDate], (err,result)=>{
if (!err){
req.flash('historyMessage', 'Order Created')
res.redirect('/admin/history')
}
else{
res.status(404).send(err);
}
});
})
});
app.get('/admin/stocks', isLoggedIn, (req,res)=>{
let sql = "SELECT * FROM receive"
con.query(sql, (err,result)=>{
if(!err){
res.render(process.cwd() + '/pages/admin/stocks', {data: result, user: req.user});
}
else{
res.status(404).send(err);
}
});
});
app.get('/admin/receive', isLoggedIn, (req,res)=>{
let date = ""+ new Date().getFullYear() + "-" + (new Date().getMonth()+1) + "-" + new Date().getDate() ;
let sql = "SELECT * FROM receive WHERE date = ?";
con.query(sql,[date], (err,result)=>{
if (!err){
req.flash('dateMessage', date)
res.render(process.cwd() + '/pages/admin/receive', {
data: result,
user: req.user,
fltrdate: req.flash('dateMessage'),
message: req.flash('receiveMessage')
});
}
else{
res.status(404).send(err);
}
});
});
app.get('/receive/edit', isLoggedIn, (req,res)=>{
let date = ""+ new Date().getFullYear() + "-" + (new Date().getMonth()+1) + "-" + new Date().getDate() ;
let sql = "SELECT * FROM receive WHERE date = ?";
con.query(sql,[date], (err,result)=>{
if (!err){
req.flash('dateMessage', "" + date)
res.render(process.cwd() + '/pages/admin/editReceive', {
data: result,
user: req.user,
fltrdate: req.flash('dateMessage')
});
}
else{
res.status(404).send(err);
}
});
});
app.post('/receive/edit/delete', isLoggedIn, (req,res)=>{
let date = ""+ new Date().getFullYear() + "-" + (new Date().getMonth()+1) + "-" + new Date().getDate() ;
let sql = "DELETE FROM receive WHERE (date,productCode) = (?,?)";
con.query(sql,[date, req.body.deleteProd], (err,result)=>{
if (!err){
req.flash('receiveMessage', 'Successfully deleted')
res.redirect('/admin/receive')
}
else{
res.status(404).send(err);
}
});
});
app.post('/receive/edit/save', isLoggedIn, (req,res)=>{
let date = ""+ new Date().getFullYear() + "-" + (new Date().getMonth()+1) + "-" + new Date().getDate() ;
let code = req.body.code; let product = req.body.product;
let unit = req.body.unit; let quantity = req.body.quantity;
[code].forEach((p, index, arr)=>{
const q = quantity[index];
let sql = "INSERT INTO inventory.receive (productName, unitPrice, quantity, date) VALUES (?,?,?,?)";
con.query(sql,[product, unit, q, date], (err,result)=>{
if (!err){
req.flash('receiveMessage', 'Successfully saved')
res.redirect('/admin/receive')
}
else{
res.status(404).send(err);
}
});
});
});
// FILTER ADMIN ROUTES =====================
// =========================================
app.post('/receive/filter', isLoggedIn, (req,res)=>{
let date2 = req.body.date;
filterdata = date2;
let sql = "SELECT * FROM receive WHERE date = ?";
con.query(sql,[date2], (err,result)=>{
if (!err){
req.flash('dateMessage', date2)
res.render(process.cwd() + '/pages/admin/receiveFltr', {
data: result,
user: req.user,
message: req.flash('receiveMessage'),
fltrdate: req.flash('dateMessage')
});
}
else{
res.status(404).send(err);
}
});
});
app.post('/filter/edit', isLoggedIn, (req,res)=>{
let date3 = filterdata;
let sql = "SELECT * FROM receive WHERE date = ?";
con.query(sql,[date3], (err,result)=>{
if (!err){
req.flash('dateMessage', date3)
res.render(process.cwd() + '/pages/admin/editReceiveFltr', {
data: result,
user: req.user,
fltrdate: req.flash('dateMessage')
});
}
else{
res.status(404).send(err);
}
});
});
app.post('/filter/edit/delete', isLoggedIn, (req,res)=>{
let date = filterdata;
let sql = "DELETE FROM receive WHERE (date,productCode) = (?,?)";
con.query(sql,[date, req.body.deleteProd], (err,result)=>{
if (!err){
req.flash('receiveMessage', 'Successfully deleted')
res.redirect('/admin/receive')
}
else{
res.status(404).send(err);
}
});
});
app.post('/filter/edit/save', isLoggedIn, (req,res)=>{
let date = filterdata;
let code = req.body.code; let product = req.body.product;
let unit = req.body.unit; let quantity = req.body.quantity;
[code].forEach((p, index, arr)=>{
const q = quantity[index];
let sql = "INSERT INTO inventory.receive (productName, unitPrice, quantity, date) VALUES (?,?,?,?)";
con.query(sql,[product, unit, q, date], (err,result)=>{
if (!err){
req.flash('receiveMessage', 'Successfully saved')
res.redirect('/admin/receive')
}
else{
res.status(404).send(err);
}
});
});
});
// CASHIER ROUTES =====================
// =================================
// LOGOUT =========================
// ================================
app.get('/logout', (req, res)=> {
req.logout();
res.redirect('/login');
});
function isLoggedIn(req, res, next) {
if (req.isAuthenticated())
return next();
res.redirect('/');
}
}
I'm not sure where the extra values are coming from, but you can simplify this by using a prepared statement with parameters. And the query can use INSERT INTO ... SELECT ... rather than putting subqueries into the VALUES list.
app.post('/history/form/confirm', isLoggedIn, (req,res)=>{
let code = req.body.pcode,
quanti = req.body.qty,
price = req.body.price,
cust = req.body.orderedBy,
oDate = req.body.orderDate;
[code].forEach(product => {
let sql = `INSERT INTO inventory.orders (productCode, productName, unitPrice, quantity, totalPrice, customer, date)
SELECT ?, productName, unitPrice, ?, ?, ?, ?
FROM inventory.receive
WHERE productCode = ?`;
con.query(sql, [product, q, price, cust, oDate, product], (err,result)=>{
if (!err){
req.flash('historyMessage', 'Order Created')
res.redirect('/admin/history')
}
else{
res.status(404).send(err);
}
});
});
});
I have solved the issue and it's in my EJS file. I have an iteration to view the results from my table and have inputs for the price. The price didn't have a disabled attribute that's why it keeps accepting the other prices even if the checkbox is false.
Just add disabled and create a JS file that removes the disabled attribute if the checkbox is checked == true.
I'm using node with Mysql and here's my problem.
I'm trying to add new photos on my database and return it as an array
here is my function :
function addNewPhotos(_id, files) {
var deferred = Q.defer();
var new_photos = []
_.each(files, function (one) {
var data = [
one.path,
_id,
0
]
var sql = 'INSERT INTO photos(photo_link, id_user, isProfil) VALUES (?, ?, ?)';
db.connection.query(sql, data, function (err, result) {
if (err)
deferred.reject(err.name + ': ' + err.message);
var sql = 'SELECT id_user, photo_link, isProfil FROM `photos` WHERE id = ?';
if (result){
db.connection.query(sql, [result.insertId], function(err, photo) {
if (err) deferred.reject(err.name + ': ' + err.message);
if (photo) {
new_photos.push(photo[0]);
}
});
}
})
})
deferred.resolve(Array.prototype.slice.call(new_photos));
return deferred.promise}
The Insert works well but i can't retrieve the results to send them back to the client. (my array is empty)
Thanks.
Always promisify at the lowest level, in this case db.connection.query().
if(!db.connection.queryAsync) {
db.connection.queryAsync = function(sql, data) {
return Q.Promise(function(resolve, reject) { // or possibly Q.promise (with lower case p), depending on version
db.connection.query(sql, data, function(err, result) {
if(err) {
reject(err);
} else {
resolve(result);
}
});
});
};
}
Now the higher level code becomes very simple :
function addNewPhotos(_id, files) {
var sql_1 = 'INSERT INTO photos(photo_link, id_user, isProfil) VALUES (?, ?, ?)',
sql_2 = 'SELECT id_user, photo_link, isProfil FROM `photos` WHERE id = ?';
return Q.all(files.map(function(one) {
return db.connection.queryAsync(sql_1, [one.path, _id, 0]).then(function(result) {
return db.connection.queryAsync(sql_2, [result.insertId]);
});
}));
};
To prevent a single failure scuppering the whole thing, you might choose to catch individual errors and inject some kind of default ;
function addNewPhotos(_id, files) {
var sql_1 = 'INSERT INTO photos(photo_link, id_user, isProfil) VALUES (?, ?, ?)',
sql_2 = 'SELECT id_user, photo_link, isProfil FROM `photos` WHERE id = ?',
defaultPhoto = /* whatever you want as a default string/object in case of error */;
return Q.all(files.map(function(one) {
return db.connection.queryAsync(sql_1, [one.path, _id, 0]).then(function(result) {
return db.connection.queryAsync(sql_2, [result.insertId]);
}).catch(function() {
return defaultPhoto;
});
}));
};
Do the return in your async loop function when all has been done
function addNewPhotos(_id, files) {
var deferred = Q.defer();
var new_photos = [];
var todo = files.length;
var done = 0;
_.each(files, function (one) {
var data = [
one.path,
_id,
0
]
var sql = 'INSERT INTO photos(photo_link, id_user, isProfil) VALUES (?, ?, ?)';
db.connection.query(sql, data, function (err, result) {
if (err)
deferred.reject(err.name + ': ' + err.message);
var sql = 'SELECT id_user, photo_link, isProfil FROM `photos` WHERE id = ?';
if (result){
db.connection.query(sql, [result.insertId], function(err, photo) {
if (err) deferred.reject(err.name + ': ' + err.message);
if (photo) {
new_photos.push(photo[0]);
}
if(++done >= todo){
deferred.resolve(Array.prototype.slice.call(new_photos));
return deferred.promise
}
});
}
else
{
if(++done >= todo){
deferred.resolve(Array.prototype.slice.call(new_photos));
return deferred.promise;
}
}
})
})
}
The problem is that when I use ? parameter for passing my values with JSON name-pair values, the mysql row does not insert anything but blank values in the row (using INSERT INTO statement).
Following is a function in my node:
function registerdone(req, res) {
var username = req.body.username;
var password = req.body.password;
var firstname = req.body.firstname;
var lastname = req.body.lastname;
var encryptedPassword = bcrypt.hashSync(password, salt);
console.log("encryptedPassword: " + encryptedPassword);
var getUser = "INSERT INTO users (username, password, firstname, lastname) VALUES ('" + req.param("username") + "','" + encryptedPassword + "','" + req.param("firstname") + "','" + req.param("lastname") + "')";
console.log("Query from registerdone is :" + getUser);
mysql.fetchData(function(err, results) {
if (err) {
throw err;
ejs.renderFile('./views/failRegister.ejs', function(err, result) {
console.log('User with same Username already exists...');
});
} else {
console.log(req.body.username + " Registered !!!");
ejs.renderFile('./views/successRegister.ejs', function(err, result) {
// render on success
if (!err) {
res.end(result);
}
// render or error
else {
res.end('An error occurred');
console.log(err);
}
});
}
}, getUser, queryParams);
}
This works perfectly well when I use:
var getUser = "INSERT INTO users (username, password, firstname, lastname) VALUES ('" + req.param("username") + "','" + encryptedPassword + "','" + req.param("firstname") + "','" + req.param("lastname") + "')";
But when I use :
var getUser = "INSERT INTO users (username, password, firstname, lastname) VALUES ( ? ) ";
var queryParams = {
'username': username,
'password': encryptedPassword,
'firstname': firstname,
'lastname': lastname
};
and send queryParams with the callback function, I get all the values as null in mysql row.
The mysql DAO is:
function getConnection(){
var connection = mysql.createConnection({
host : 'localhost',
user : 'root',
password : 'root',
database : 'ebay_main',
port : 3306
});
return connection;
}
function fetchData(callback, sqlQuery, queryParams){
console.log("\nSQL Query ::"+sqlQuery);
var connection =getConnection();
connection.query(sqlQuery, queryParams, function(err, rows, fields) {
if(err){
console.log("ERROR : " + err.message);
}
else
{ // return err or result
console.log("DB Results:"+JSON.stringify(rows));
callback(err, rows);
}
});
console.log("\nConnection closed..");
connection.end();
}
You can use a more concise syntax: INSERT ?? SET ?
var table = 'users';
var queryParams = {
'username': username,
'password': encryptedPassword,
'firstname': firstname,
'lastname': lastname
};
connection.query('INSERT ?? SET ?', [table, queryParams ], function(err, rows, fields) {
//...
});
I am trying to Insert Data in Database through Node JS. Code working good showing "Record Inserted" msgs but no rows getting updated in MySQL.
This is the code where i am performing insert operation
connection.query('SELECT * FROM menu WHERE item_name=\'' + userResponces[2].toLowerCase() + '\'', function(err, rows){
if (err) throw err;
else{
i_id = rows[0].item_id;
console.log('i_id ' + i_id);
connection.query('INSERT INTO customer VALUES(default,' + c_name + ',' + c_addr + ',' + c_mob + ')', function(err, res){
if(err.fatal){
console.log(''+err.message);
}
else{
console.log("Record Inserted");
connection.query('SELECT MAX(customer_id) AS c_id FROM customer', function(err, res){
if(err) throw err;
else{
c_id = parseInt(res[0].c_id) + 1;
console.log('c_id ' + c_id);
console.log(i_id + ' ' + c_id + ' ' + qty);
connection.query('INSERT INTO order1() VALUES(default,' + i_id + ',' + c_id + ',' + qty + ',1)', function(err, res){
if(err) throw err;
else
console.log("Record Inserted");
});
}
});
}
});
}
});
In above code SELECT statement working perfectly, so undoubtedly no error in connection. Still this is for connection.
var mysql = require('mysql');
var connection = mysql.createConnection({
host : 'localhost',
user : 'nodeuser',
password : 'password',
database : 'foodorder'
});
connection.connect(function(err){
if(!err) {
console.log("Database is connected ...");
} else {
console.log("Error connecting database ...");
}
});
You first condition tests err.fatal.
But if the query returns a SQL error like ER_NO_SUCH_TABLE, err object hasn't a fatal property.
{ [Error: ER_NO_SUCH_TABLE: Table 'bad_table_name' doesn't exist]
code: 'ER_NO_SUCH_TABLE',
errno: 1146,
sqlState: '42S02',
index: 0 }
So, here, you should test on err rather than err.fatal
connection.query('INSERT INTO customer VALUES(default,' + c_name + ',' + c_addr + ',' + c_mob + ')', function(err, res){
if (err){
return console.log(err);
}
else{
console.log("Record Inserted");
// ...
});
Btw, think about escaping values :
connection.query(
'INSERT INTO customer VALUES(default, ?, ?, ?)',
[c_name, c_addr, c_mob],
function(err, res) {
//...
}
);