I have a (currently localhost, but soon to be through AWS) Node.JS server with Express and I'm trying to update an RDS instance through a MySQL query when I'm getting the following error:
{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''history0' = 'http://localhost:3000/' WHERE id = 1' at line 1]
code: 'ER_PARSE_ERROR',
errno: 1064,
sqlMessage: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'\'history0\' = \'http://localhost:3000/\' WHERE id = 1\' at line 1',
sqlState: '42000',
index: 0,
sql: 'UPDATE infected SET \'history0\' = \'http://localhost:3000/\' WHERE id = 1;' }
The POST request causing the error:
app.post('/history', function(req, res) {
var hist = 'history' + 0;
var sql = 'UPDATE infected SET ? = ? WHERE id = ?;';
connection.query(sql, [hist, req.body[0].url, 1]);
});
I'm using hist as a variable because I plan to have it in a loop, but I wasn't sure if the way I'm declaring it here is causing the issue so I left it as is. req.body is the output of JSON.stringify() called on call to chrome.history.search(). So I'm trying to get the URL of the entry at index 0.
I've tried a direct call to connection.query with a hard-coded string as follows:
connection.query("UPDATE infected SET history0='google.com' WHERE id='1'");
and it successfully updates the database, so I figure there's an issue with how I'm using the question marks to insert variables hist and req.body[0].url into the query, but I can't figure out what the issue is.
try with double "??" for the keys, this way:
app.post('/history', function(req, res) {
var hist = 'history' + 0;
var sql = 'UPDATE infected SET ?? = ? WHERE id = ?;';
connection.query(sql, [hist, req.body[0].url, 1]);
});
Related
const {tableName,recordId,idName}= req.query;
const arrayParam=[tableName,idName,recordId];
let sqlstmt="UPDATE ? SET status = 'deleted' WHERE ? = ?"
db.query(sqlstmt,arrayParam,(err,result) => {
if(err){console.log('Error occured while fetching user information',err)
res.send(err)
}
console.log(result);
res.send(result);
});
});
Error:
sqlMessage: "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''trainingRecords' SET status = 'deleted' WHERE 'recordId' = '10000107'' at line 1",
sqlState: '42000',
index: 0,
sql: "UPDATE 'trainingRecords' SET status = 'deleted' WHERE 'recordId' = '10000107'"
In the above snippet, from my understanding, it's the " ' " (single quotes added in the parameterization) that is causing the issue. Any suggestions to fix this?
Don't use prepared statements to inject table names or fields that you are using to filter or update. Try using this query.
UPDATE trainingRecords SET status = 'deleted' WHERE recordId = ?
I want insert a JSON object into MySQL in Node.js server, this is the code
let id = 1
let date = new Date().toJSON().slice(0,10).replace(/-/g,'/');
let sql ='INSERT INTO case_record (case_details,gen_date,case_id) VALUES('+caseDetails+','+date+','+id+')'
console.log(sql)
con.query(sql,function(err, result, fields){
if(err) throw err;
res = result;
console.log(res)
});
This is the caseDetails data
let caseDetails = {
caseData,
patData,
notifData,
primecData,
refData}
Each of the object in the caseDetails is JSON object also.
When I excute, the error return is
Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '[object Object],2019/04/22,1)' at line 1
How to fix this problem?
Your SQL syntax is wrong to cause parsing error.
Why don't u follow this correction?
...
let sql ='INSERT INTO case_record(case_details,gen_date,case_id) VALUES(?,?,?)';
con.query(sql, [caseDetails,date,id] ,function(err, result, fields) {
...
});
Hope to get helped.
Given the following:
let sql: any = 'SELECT * FROM test_people ORDER BY :column :direction LIMIT :limit, :offset';
let binds: any = { column: 'name', direction: 'desc', limit: '1', offset: '10' };
let result = await mysql.query(sql, binds);
For whatever reason it throws mysql syntax error, if I replace the bindings and write it hard-coded without the bindings then the query actually works and fetches the result. not sure what is wrong here. help ! :)
BTW, I also tried it with the question marks version, getting same syntax error.
Error output:
...
code: 'ER_PARSE_ERROR',
errno: 1064,
'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near \':column :direction LIMIT :limit, :offset\' at line 1',
...
Appreciate any solution,
Only values can be bound. Column names (in ORDER BY), and the :direction cannot be bound. Also FYI table names, database names and other parts of the SQL syntax cannot be bound.
this is part of the code i use
var insertedData = {
name: 'testname',
score: '1337'
};
connect.query('INSERT INTO table SET ?', insertedData, function(error, result){
and this is the error i got
{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near 'table SET name = 'Hek', score = '12'' at line
1]code: 'ER_PARSE_ERROR', errno: 1064, sqlState: '42000',index: 0 }
table is a reserved word in MySQL. I'd advise to rename your table to something else. If this is absolutely not a possibility for you, you can escape it with backticks:
connect.query('INSERT INTO `table` SET ?', insertedData, function(error, result){
i trying to insert json created in node.js into mysql,
but there is a error in syntax, i am not able to rectify the error,
any help will be appreciated
my code
flowController.on('2', function (_selfid,_participantId,_groupid,_allMemberContent)
{
var allMemberDetailSQL= "SELECT spFunAllMemberNotificationDetails("+ _selfid + "," + _participantId +") as groupparticipants";
console.log("allMemberDetailSQL"+allMemberDetailSQL);
client.query(allMemberDetailSQL,function(detailERROR,detailResult)
{
if (detailERROR)
console.log("detailERROR "+ detailERROR);
else
{
var detailstr='';
detailstr = JSON.stringify(detailResult);
console.log('detailResult :'+ detailstr);
console.log("detailResult "+detailResult[0].groupparticipants);
var otherArray = [detailResult[0].groupparticipants];
var _allMemberDetail = JSON.stringify({
selfid: _selfid,
groupid: _groupid,
anArray: otherArray
});
console.log("_allMemberDetail " +_allMemberDetail);
var allMemberDetail = "'"+_allMemberDetail+"'";
console.log("allMemberDetail "+allMemberDetail);
client.query("INSERT INTO cmNotification (notificationSenderId, notificationReceiverId)"+"VALUES('"+_selfid+"','"+ _allMemberDetail+ "');", function(err, rows)
{
console.log("error insert "+err);
console.log("rows insert"+rows);
//connection.release();
});
}
});
});
console output
allMemberDetailSQLSELECT spFunAllMemberNotificationDetails(20,16) as groupparticipants
detailResult :[{"groupparticipants":"userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"}]
detailResult userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''
_allMemberDetail {"selfid":"20","groupid":"15","anArray":["userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"]}
allMemberDetail '{"selfid":"20","groupid":"15","anArray":["userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"]}'
detailResult :[{"groupparticipants":"userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"}]
detailResult userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''
_allMemberDetail {"selfid":"20","groupid":"15","anArray":["userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"]}
allMemberDetail '{"selfid":"20","groupid":"15","anArray":["userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"]}'
error insert Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"]}')' at line 1
rows insertundefined
error insert Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"]}')' at line 1
rows insertundefined
Use built in parameters escaping to prevent sql injection attack. "INSERT INTO ... SET ?" also makes life easier:
client.query("INSERT INTO cmNotification SET ?", {notificationSenderId: _selfid, notificationReceiverId: _allMemberDetail}, function(err, rows) {
// ...
});