I am trying to perform a post call in node js, i am testing it through post but i am not able to retrive data,
my node code,
exports.login = function( req, res ) {
console.log("Params:"+req.body.email);
//console.log('email:'+params.email);
connection.query('SELECT * FROM profile where email ='+req.body.email,function(error,result,rows,fields){
if(!!error){console.log(error)
console.log('fail');
}else{
console.log(result);
res.send(result);
}
// }
});}
my routes,
router.post('/login',cors(), admin.login);
i am getting fail and my error is
{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com' at line 1]
my input through postman
{"email":"s#gmail.com"}
Don't build the query string directly, this leaves you open to injection attacks and also chokes on certain characters, as you are experiencing here. Use a placeholder like so:
var query = "select * from profile where email = ?";
connection.query(query, [req.body.email], function(error,result,rows,fields) {
...
Related
I am getting som data from my MYSQL database. It checks for the email and date to match the users email and chosen date, then it gets the matching rows data. It all works well if I use a date that exists in the table, but when I use a date that does not exists, I get a ER_PARSE_ERROR.
It looks like this:
let date = 27/09/2019
let sql = `SELECT weigh, temp, length, cat, date FROM reps WHERE email = 'test#gmail.com' AND date = ?`;
connection.query(sql, [date], (error, result, fields) => {
if (error) throw error;
//here I do some stuff
When the date is not in the database, I get this:
Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')'
If there is no date, it now crashes my whole function. Instead I just want it to not get anything and keep the function going.
I tried below but it is still crashing:
if (error) {
send.response('nothing');
}
Any idea how to solve this?
This is finally solved. The reason I got the ER_PARSE_ERROR: was because I hade some functions that relied on the MySQL output. When no rows from MySQL was shown, the error occurred. I solved it by saying if nothing then end response. This is the code:
if (error) { throw error;
} else if (!result.length) { //Checks if no results, then ends the response without doing anything, before it tried to do things when there was no result which caused the error.
return console.log('Date or email does not match any database rows');
response.end();
}
I want insert a JSON object into MySQL in Node.js server, this is the code
let id = 1
let date = new Date().toJSON().slice(0,10).replace(/-/g,'/');
let sql ='INSERT INTO case_record (case_details,gen_date,case_id) VALUES('+caseDetails+','+date+','+id+')'
console.log(sql)
con.query(sql,function(err, result, fields){
if(err) throw err;
res = result;
console.log(res)
});
This is the caseDetails data
let caseDetails = {
caseData,
patData,
notifData,
primecData,
refData}
Each of the object in the caseDetails is JSON object also.
When I excute, the error return is
Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '[object Object],2019/04/22,1)' at line 1
How to fix this problem?
Your SQL syntax is wrong to cause parsing error.
Why don't u follow this correction?
...
let sql ='INSERT INTO case_record(case_details,gen_date,case_id) VALUES(?,?,?)';
con.query(sql, [caseDetails,date,id] ,function(err, result, fields) {
...
});
Hope to get helped.
I have a (currently localhost, but soon to be through AWS) Node.JS server with Express and I'm trying to update an RDS instance through a MySQL query when I'm getting the following error:
{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''history0' = 'http://localhost:3000/' WHERE id = 1' at line 1]
code: 'ER_PARSE_ERROR',
errno: 1064,
sqlMessage: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'\'history0\' = \'http://localhost:3000/\' WHERE id = 1\' at line 1',
sqlState: '42000',
index: 0,
sql: 'UPDATE infected SET \'history0\' = \'http://localhost:3000/\' WHERE id = 1;' }
The POST request causing the error:
app.post('/history', function(req, res) {
var hist = 'history' + 0;
var sql = 'UPDATE infected SET ? = ? WHERE id = ?;';
connection.query(sql, [hist, req.body[0].url, 1]);
});
I'm using hist as a variable because I plan to have it in a loop, but I wasn't sure if the way I'm declaring it here is causing the issue so I left it as is. req.body is the output of JSON.stringify() called on call to chrome.history.search(). So I'm trying to get the URL of the entry at index 0.
I've tried a direct call to connection.query with a hard-coded string as follows:
connection.query("UPDATE infected SET history0='google.com' WHERE id='1'");
and it successfully updates the database, so I figure there's an issue with how I'm using the question marks to insert variables hist and req.body[0].url into the query, but I can't figure out what the issue is.
try with double "??" for the keys, this way:
app.post('/history', function(req, res) {
var hist = 'history' + 0;
var sql = 'UPDATE infected SET ?? = ? WHERE id = ?;';
connection.query(sql, [hist, req.body[0].url, 1]);
});
I'm having a little trouble performing an update query with the node mysql2 module. I'm preparing the query using the '?' placeholder and then passing in the values like so;
socket.on('connection', function(client){
[...]
client.on('userjoin', function(username, userid){
run_db_insert("UPDATE users_table SET clientid = ? WHERE user = ?", [client.id, userid], function(){
console.log(client.id + ' <=> ' + userid);
});
[...]
});
Unfortunately, this is raising an error;
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''12345678' WHERE userid = ?' at line 1
The data isn't reflected in the database. For some reason, the code doesn't appear to be picking up the second question mark placeholder and so it's not passing the correct value (i.e. it's trying to find the userid of ?).
If I change the code to this;
run_db_insert("UPDATE users_table SET clientid = ? WHERE user = '" + userid + "'", [client.id], function(){
...then the update runs without error and is reflected in the DB. If I console.log both client.id and userid, the console correctly reflects these values.
My run_db_insert function is as follows;
function run_db_insert(sql, args, callback){
var mysql = svc_mysql2.createConnection({
// connection details
});
mysql.connect(function(err){
if(err){
console.log('Error connecting to DB: ' + err);
}
});
mysql.query(sql, [args], function(err){
if (err){
console.log(err);
return;
}
callback();
});
mysql.end();
};
I've had no problems performing SELECT or INSERT queries using multiple '?' placeholders (with a slightly modified function that has result in the line 11 of that function and then returns that in the callback), but I'm finding that UPDATE isn't correctly assigning all the parameters I'm passing in to it.
I think your problem is that you're wrapping your query replacement values in another array, so [[client.id, userid]] is being passed to mysql.query().
Try changing:
mysql.query(sql, [args], function(err){
to:
mysql.query(sql, args, function(err){
i trying to insert json created in node.js into mysql,
but there is a error in syntax, i am not able to rectify the error,
any help will be appreciated
my code
flowController.on('2', function (_selfid,_participantId,_groupid,_allMemberContent)
{
var allMemberDetailSQL= "SELECT spFunAllMemberNotificationDetails("+ _selfid + "," + _participantId +") as groupparticipants";
console.log("allMemberDetailSQL"+allMemberDetailSQL);
client.query(allMemberDetailSQL,function(detailERROR,detailResult)
{
if (detailERROR)
console.log("detailERROR "+ detailERROR);
else
{
var detailstr='';
detailstr = JSON.stringify(detailResult);
console.log('detailResult :'+ detailstr);
console.log("detailResult "+detailResult[0].groupparticipants);
var otherArray = [detailResult[0].groupparticipants];
var _allMemberDetail = JSON.stringify({
selfid: _selfid,
groupid: _groupid,
anArray: otherArray
});
console.log("_allMemberDetail " +_allMemberDetail);
var allMemberDetail = "'"+_allMemberDetail+"'";
console.log("allMemberDetail "+allMemberDetail);
client.query("INSERT INTO cmNotification (notificationSenderId, notificationReceiverId)"+"VALUES('"+_selfid+"','"+ _allMemberDetail+ "');", function(err, rows)
{
console.log("error insert "+err);
console.log("rows insert"+rows);
//connection.release();
});
}
});
});
console output
allMemberDetailSQLSELECT spFunAllMemberNotificationDetails(20,16) as groupparticipants
detailResult :[{"groupparticipants":"userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"}]
detailResult userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''
_allMemberDetail {"selfid":"20","groupid":"15","anArray":["userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"]}
allMemberDetail '{"selfid":"20","groupid":"15","anArray":["userid:'15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"]}'
detailResult :[{"groupparticipants":"userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"}]
detailResult userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''
_allMemberDetail {"selfid":"20","groupid":"15","anArray":["userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"]}
allMemberDetail '{"selfid":"20","groupid":"15","anArray":["userid:'16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"]}'
error insert Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '15',firstname:'pitu15',lastname:'',isfriend:'1',profilepicurl:''"]}')' at line 1
rows insertundefined
error insert Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '16',firstname:'pitu16',lastname:'',isfriend:'0',profilepicurl:''"]}')' at line 1
rows insertundefined
Use built in parameters escaping to prevent sql injection attack. "INSERT INTO ... SET ?" also makes life easier:
client.query("INSERT INTO cmNotification SET ?", {notificationSenderId: _selfid, notificationReceiverId: _allMemberDetail}, function(err, rows) {
// ...
});