NodeJs - mysql insert error - mysql

I have the following insert query:
connection.query('INSERT INTO `items` (`gameID`, `userID`, `bidID`, `value`, `imageUrl`, `itemName`) VALUES (' + gameID + ', 8, ' + rows.insertId + ', 3, https://steamcommunity-a.akamaihd.net/economy/image/class/730/' + ourItems[i].classid + '/150fx125f, ' + ourItems[i].market_name + ')', function(err, rows, fields) {
if (err) throw err;
});
I'm getting the following error however:
Any ideas?

You should work on your strings and concatenations:
connection.query("INSERT INTO `items` (`gameID`, `userID`, `bidID`, `value`, `imageUrl`, `itemName`)
VALUES ('" + gameID + "',
8,
'" + rows.insertId + "',
3,
'https://steamcommunity-a.akamaihd.net/economy/image/class/730/" + ourItems[i].classid + "/150fx125f',
'" + ourItems[i].market_name + "'
)", function(err, rows, fields) {
if (err) throw err;
});
This should be syntactically correct.

You should never build queries using that kind of concatenation.
You most likely will end up in a query that might break in future or even opens a possibility for sql injection.
If you use the mysql module then you should think over using the escape feature that are build in with the module (Escaping query values):
connection.query('INSERT INTO `items` SET ?',
{
gameID: gameID,
userID: 8,
/* ... */
imageUrl: 'https://steamcommunity-a.akamaihd.net/economy/image/class/730/' + ourItems[i].classid + '/150fx125f'
/* ... */
}, function(err, rows, fields) {
if (err) throw err;
});

Related

Node js - Mysql query is not executed as coded

i created several sql statements in node.js and now i want to execute them on my db. However, the query string is not executed as coded.
This is my function to generate the query string.
function insertProducts(products) {
if (!connection) {
// Create MYSQL-Connection
console.log('BUILDING connection to DB');
connection = getConnection();
connection.connect();
}
let query = "";
for (let i = 0; i < products.length; i++) {
// Iterate trough the products array and create a sql query
query += "INSERT INTO `tShortDescription`(`ShortDescription`, `Language`) VALUES ('" + products[i].short_description + "', 'DE'); " +
"INSERT INTO `tDescription`(`Description`, `Language`) VALUES ('" + products[i].description + "', 'DE'); " +
"INSERT INTO `tManufacturer`(`Name`) VALUES ('" + products[i].manufactur + "'); " +
"INSERT INTO `tSupplier`(`Name`) VALUES ('" + products[i].supplier + "'); " +
"INSERT INTO `tProduct`(`Sku`, `Title`, `ShortDescriptionId`, `DescriptionId`, `WohlesalePrice`, `SellingPrice`, `Quantity`, " +
"`ManufacturerId`, `SupplierId`, `Ean`) VALUES ('" + products[i].sku + "', '" + products[i].name + "', " +
"(SELECT id FROM tShortDescription WHERE ShortDescription = '" + products[i].short_description + "' LIMIT 1), " +
"(SELECT id FROM tDescription WHERE Description LIKE '" + products[i].description + "' LIMIT 1), " +
products[i].wholesale_price + ", " + products[i].selling_price + ", " + products[i].quantity + ", " +
"(SELECT id FROM tManufacturer WHERE Name = '" + products[i].manufactur + "' LIMIT 1), " +
"(SELECT id FROM tSupplier WHERE Name = '" + products[i].supplier + "' LIMIT 1), " + products[i].ean + "); ";
for (let j = 0; j < products[i].categories.length; j++) {
// Ad all categories to query
query += "INSERT INTO `rtCategory`(`ProductId`, `CategoryId`) " +
"VALUES ((SELECT `Id` FROM `tProduct` WHERE sku = '" + products[i].sku + "' LIMIT 1), " +
"(SELECT `Id` FROM `tCategory` WHERE Id = " + products[i].categories[j].src + " LIMIT 1)); "
for (let c = 0; c < products[i].images.length; c++) {
// Ad all images to query
query += "INSERT INTO `tImage`(`Url`) VALUES ('" + products[i].images[c].src + "'); " +
"INSERT INTO `rtImage`(`ProductId`, `ImageId`) " +
"VALUES ((SELECT `Id` FROM `tProduct` WHERE sku = '" + products[i].sku + "' LIMIT 1), " +
"(SELECT `Id` FROM `tImage` WHERE url = '" + products[i].images[c].src + "' LIMIT 1)); "
}
}
}
query = query.replace(/[\n\r\t]/g,);
if (query != "") {
// Create new Product in DB
return new Promise((resolve, reject) => {
connection.query(query, function (error, results, fields) {
if (error) { console.log(error) };
console.log('INSERTING successful');
resolve(results);
});
});
} else {
console.log('There are no new products to insert in db');
}
}
If i console.log(query) (before the query is ecexuted on my db) and execute the string directly in php myadmin, everything works fine but if i execute the query in code like connection.query(query, function (error, results, fields)....., i got several errors.
Error msg in terminal:
code: 'ER_PARSE_ERROR',
errno: 1064,
sqlMessage: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `tDescription`(`Description`, `Language`) VALUES ('<p><strong>Tantra' at line 1",
sqlState: '42000',
index: 0,
I also get the sql query returned in terminal because of the error, and if i execute this query directly in php myadmin i also get an error ->
SQL query: Documentation
INSERT INTO `rtImage`(`ProductId`, `ImageId`) VALUES ((SELECT `Id` FROM `tProduct` WHERE sku = 'H1500148' LM
IT 1), (SELECT `Id` FROM `tImage` WHERE url = 'https://cdnbigbuy.com/images/H1500148_409897.jpg' LIMIT 1))
MySQL said: Documentation
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LM
IT 1), (SELECT `Id` FROM `tImage` WHERE url = 'https://cdnbigbuy.com/images' at line 1
It looks as if the LIMIT is somehow divided ...use near 'LM IT 1)....
I hope you understand where the problem is and someone might have a tip.
Your query is processed as 'LIMIT' it's just a new line in the console where the error showed up.
You should not be using string concatenation (or even template literals) for SQL queries under any circumstances because 1. It very likely the source of your problem. 2. It's very dangerous as it allows SQL injection attacks.
Use parameters instead. Here's a example:
connection.query("SELECT * FROM bank_accounts WHERE dob = ? AND bank_account = ?",[
req.body.dob,
req.body.account_number
],function(error, results){});
To read more about SQL injections and placeholders read this article.
Thanks for the helpful tips.
The problem was that I didn't set multiple statements: true in my code. This var is by default false and should be true, otherwise it is not possible to execute several queries once at a request!

Error "too many connections" in Node and MYSQL

I have a script in Node that makes about 4 or 5 requests to MYSQL, but it seems that there is some overload, because after inserting 4 or 5 records I get: "Too many connections"
Below I leave my code
const puppeteer = require('puppeteer');
var fs = require('fs');
const mysql = require('mysql2');
const mysqlConOptions = {
connectionLimit : 10, // default = 10
host: "127.0.0.1",
user: "root",
password: "root123!",
database: "scraperpeli"
};
var con = mysql.createPool(mysqlConOptions);
con.getConnection(function(err) {
if (err) throw err;
console.log("Conectado!");
});
function insertarpost()
{
return new Promise(function(resolve, reject) {
var sql = "INSERT INTO `wp_posts` ( `post_author`, `post_date`, `post_date_gmt`, `post_content`, `post_title`,`post_excerpt`, `post_status`,`comment_status`, `ping_status`,`post_password`, `post_name`,`to_ping`,`pinged`, `post_modified`, `post_modified_gmt`,`post_content_filtered`,`post_parent`, `guid`,`menu_order`, `post_type`, `post_mime_type`,`comment_count`) VALUES (1, '"+fhoy+"', '"+fhoy+"', '"+description+"', '"+title+"','', 'publish', 'open', 'closed','','"+slug+"','','', '"+fhoy+"', '"+fhoy+"','', '0','','0', 'movies','' ,0);";
con.query(sql, function (err, result) {
if (err) throw err;
resolve(result);
console.log("1 registro insertado");
});
});
}
insertarpost().then(obtenerultimopostid);
function obtenerultimopostid() {
return new Promise(function(resolve, reject) {
con.query("SELECT ID FROM wp_posts ORDER BY ID DESC LIMIT 0,1;", function (err, result, fields) {
console.log(result);
var sql = "INSERT INTO wp_postmeta (post_id, meta_key, meta_value) VALUES ("+result[0].ID+",'runtime', '"+runtime+"'),("+result[0].ID+",'original_title','"+titleoriginal+"'),("+result[0].ID+",'Rated','"+cpgrated+"'),("+result[0].ID+",'Country', '"+country+"'),("+result[0].ID+",'date', '"+datemovie+"'),("+result[0].ID+",'imdbRating', '"+repimdb+"'),("+result[0].ID+",'vote_average', '"+reptmdb+"'),("+result[0].ID+",'imdbVotes', '"+quantimdb+"'),("+result[0].ID+",'vote_count', '"+quanttmdb+"'),("+result[0].ID+",'tagline', '"+tagline+"'),("+result[0].ID+",'dt_poster', '"+poster+"'),("+result[0].ID+",'dt_backdrop', '"+backdrop+"'),("+result[0].ID+",'imagenes', '"+backdrops+"'),("+result[0].ID+",'dt_cast', '"+textimgreparto+"'),("+result[0].ID+",'dt_dir', '"+textimgreparto2+"');";
con.query(sql, function (err, result) {
if (err) throw err;
resolve(result);
console.log("1 registro wpmeta insertado");
});
});
}).then(function() {
let c1='';
con.query("SELECT ID FROM wp_posts ORDER BY ID DESC LIMIT 0,1;", function(err, result, fields) {
console.log(result);
for (var i = 0; i < getData.length; i++) {
let source = getData[i]["source"];
let text = getData[i]["text"];
let quality = getData[i]["quality"];
let lang = getData[i]["language"];
new Promise(function(resolve, reject) {
let sql = "INSERT INTO `wp_posts` ( `post_author`, `post_date`, `post_date_gmt`, `post_content`, `post_title`,`post_excerpt`, `post_status`,`comment_status`, `ping_status`,`post_password`, `post_name`,`to_ping`,`pinged`, `post_modified`, `post_modified_gmt`,`post_content_filtered`,`post_parent`, `guid`,`menu_order`, `post_type`, `post_mime_type`,`comment_count`) VALUES (1, '" + fhoy + "', '" + fhoy + "', '', '" + make + "','', 'publish', 'closed', 'closed','','" + make + "','','', '" + fhoy + "', '" + fhoy + "','', '" + result[0].ID + "','','0', 'dt_links','' ,0);";
con.query(sql, function(err, result) {
if (err) throw err;
c1=result.insertId
resolve(result);
console.log("1 registro link insertado");
});
}).then(function() {
console.log(c1);
let sql = "INSERT INTO wp_postmeta (post_id, meta_key, meta_value) VALUES (" + c1 + ",'_dool_url', '" + source + "'),(" + c1 + ",'_dool_type','" + text + "'),(" + c1 + ",'_dool_quality','" + quality + "'),(" + c1 + ",'_dool_lang','" + lang + "');";
con.query(sql, function(err, result) {
if (err) throw err;
console.log("1 registro link meta insertado");
});
// });
});
}
});
}
I don't know why that error comes out, too many queries, am I doing something wrong? thanks.
I have tried increasing the connection limit but nothing, I hope you can guide me to the resolution of the problem

How to solve? ER_BAD_FIELD_ERROR: Unknown column 'undefined' in 'field list'

I am trying to insert form data into MySQL database in nodejs using expressjs
When I run my code in command prompt it ran well but when I press the submit button, I got the following errors:
var connection = mysql.createConnection({
host : 'localhost',
user : 'root',
password:'',
database : 'test'
});
app.get("/", function(req, res){
res.render("home");
});
//when I press submit button it should post the request and render a page to submit route with text "data saved!!"
app.post("/submit", function(req, res){
var q = "Insert into test (ID, name, crash1, crash2, crash3) VALUES (null, '" + req.body.ANR + "', " + req.body.crash1 + ", " + req.body.crash2 + ", " + req.body.crash3 +")";
connection.query(q, function(err){
if(err) throw err
res.render("home", {message: 'data saved!!'});
})
});
I created a table in MySQL Command line
create table xyz(
ID BIGINT AUTO_INCREMENT PRIMARY KEY NOT NULL,
name VARCHAR(100) NOT NULL,
crash1 BIGINT,
crash2 BIGINT,
crash3 BIGINT
);
when I inserted manually it worked!
insert into xyz(ID, name, crash1, crash2, crash3) VALUES (1,'REERE', 2 ,2 ,2);
my error looks like this
You are inserting into test table in your code:
var q = "Insert into test (ID, name, crash1, crash2, crash3) VALUES (null, '" + req.body.ANR + "', " + req.body.crash1 + ", " + req.body.crash2 + ", " + req.body.crash3 +")";
But table name is xyz. You should replace test by xyz and it should work.
And don't pass null in id as well as id is not null.
Please convert crash1, crash2, crash3 into int value:
req.body.crash1 = parseInt(req.body.crash1);
req.body.crash2 = parseInt(req.body.crash2);
req.body.crash3 = parseInt(req.body.crash3);
It should be like:
var q = "Insert into xyz (name, crash1, crash2, crash3) VALUES ('" + req.body.ANR + "', " + req.body.crash1 + ", " + req.body.crash2 + ", " + req.body.crash3 +")";

SQL syntax error on INSERT with mysql using array of escaped req.body values

Thank you in advance for taking a look at this question! So, I am attempting to INSERT a row of data into a table named raw_base.
Here is the code:
const express = require('express');
const router = express.Router();
const mysql = require('mysql');
// Import MySQL Options
const options = require('../db_options');
const connection = mysql.createConnection(options);
router.post('/raw', (req, res) => {
let data = [
`${connection.escape(req.body[0].opened)}`,
`${connection.escape(req.body[0].funding_source)}`,
`${connection.escape(req.body[0].replace_existing_device)}`,
`${connection.escape(req.body[0].project)}`,
`${connection.escape(req.body[0].department)}`,
`${connection.escape(req.body[0].ritm_number)}`,
`${connection.escape(req.body[0].item)}`,
`${connection.escape(req.body[0].category)}`,
`${connection.escape(req.body[0].quantity)}`,
`${connection.escape(req.body[0].price)}`,
`${connection.escape(req.body[0].closed)}`
];
connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES ?', [data], (error, results, fields) => {
if (error) throw error;
console.log(results);
});
As such, I am receiving the following error:
Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\'2018-07-26 13:34:33\'', '127548298', '0', '0', '\'Psychiatry Admin-Central\'', '' at line 1
If; however, I do not escape the values in the data array and add single quotes around the values in the sql INSERT query it works fine (like this):
connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES ('
+ '\'' + req.body[0].opened + '\', '
+ '\'' + req.body[0].funding_source + '\', '
+ '\'' + req.body[0].replace_existing_device + '\', '
+ '\'' + req.body[0].project + '\', '
+ '\'' + req.body[0].department + '\', '
+ '\'' + req.body[0].ritm_number + '\', '
+ '\'' + req.body[0].item + '\', '
+ '\'' + req.body[0].category + '\', '
+ '\'' + req.body[0].quantity + '\', '
+ '\'' + req.body[0].price + '\', '
+ '\'' + req.body[0].closed + '\')'
, (error, results, fields) => {
if (error) throw error;
console.log(results);
});
I have also attempted to add single quotes around around each value in the data array with no luck. I assume this is a simple syntactical issue, but I can't seem to place my finger on exactly where I am going wrong. Thanks again for helping out!
Here is are the values from the data array (from req.body[0]):
[ '\'2018-07-26 13:34:33\'',
'127548298',
'0',
'0',
'\'Psychiatry Admin-Central\'',
'\'RITM0023102\'',
'\'HP USB Keyboard\'',
'\'Accessories\'',
'6',
'14',
'\'2018-08-22 12:51:40\'' ]
I think you missed the ( ) around the ? in your query.
Try this
const express = require('express');
const router = express.Router();
const mysql = require('mysql');
// Import MySQL Options
const options = require('../db_options');
const connection = mysql.createConnection(options);
router.post('/raw', (req, res) => {
let data = [
connection.escape(req.body[0].opened),
connection.escape(req.body[0].funding_source),
connection.escape(req.body[0].replace_existing_device),
connection.escape(req.body[0].project),
connection.escape(req.body[0].department),
connection.escape(req.body[0].ritm_number),
connection.escape(req.body[0].item),
connection.escape(req.body[0].category),
connection.escape(req.body[0].quantity),
connection.escape(req.body[0].price),
connection.escape(req.body[0].closed)
];
connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES (?)', [data], (error, results, fields) => {
if (error) throw error;
console.log(results);
});
Edit: extracted the connection.escape from the Strings.
Removed the connection.escape()'s completely from the data array (in doing some more research it appears it is unnecessary to escape these values):
const express = require('express');
const router = express.Router();
const mysql = require('mysql');
// Import MySQL Options
const options = require('../db_options');
const connection = mysql.createConnection(options);
router.post('/raw', (req, res) => {
let data = [
req.body[0].opened,
req.body[0].funding_source,
req.body[0].replace_existing_device,
req.body[0].project,
req.body[0].department,
req.body[0].ritm_number,
req.body[0].item,
req.body[0].category,
req.body[0].quantity,
req.body[0].price,
req.body[0].closed
];
connection.query('INSERT INTO `raw_base` (`opened`, `funding_source`, `replace_existing_device`, `project`, `department`, `ritm_number`, `item`, `category`, `quantity`, `price`, `closed`) VALUES (?)', [data], (error, results, fields) => {
if (error) throw error;
console.log(results);
});

Node JS MySQL - Inserting Data.. No Rows updates in Database

I am trying to Insert Data in Database through Node JS. Code working good showing "Record Inserted" msgs but no rows getting updated in MySQL.
This is the code where i am performing insert operation
connection.query('SELECT * FROM menu WHERE item_name=\'' + userResponces[2].toLowerCase() + '\'', function(err, rows){
if (err) throw err;
else{
i_id = rows[0].item_id;
console.log('i_id ' + i_id);
connection.query('INSERT INTO customer VALUES(default,' + c_name + ',' + c_addr + ',' + c_mob + ')', function(err, res){
if(err.fatal){
console.log(''+err.message);
}
else{
console.log("Record Inserted");
connection.query('SELECT MAX(customer_id) AS c_id FROM customer', function(err, res){
if(err) throw err;
else{
c_id = parseInt(res[0].c_id) + 1;
console.log('c_id ' + c_id);
console.log(i_id + ' ' + c_id + ' ' + qty);
connection.query('INSERT INTO order1() VALUES(default,' + i_id + ',' + c_id + ',' + qty + ',1)', function(err, res){
if(err) throw err;
else
console.log("Record Inserted");
});
}
});
}
});
}
});
In above code SELECT statement working perfectly, so undoubtedly no error in connection. Still this is for connection.
var mysql = require('mysql');
var connection = mysql.createConnection({
host : 'localhost',
user : 'nodeuser',
password : 'password',
database : 'foodorder'
});
connection.connect(function(err){
if(!err) {
console.log("Database is connected ...");
} else {
console.log("Error connecting database ...");
}
});
You first condition tests err.fatal.
But if the query returns a SQL error like ER_NO_SUCH_TABLE, err object hasn't a fatal property.
{ [Error: ER_NO_SUCH_TABLE: Table 'bad_table_name' doesn't exist]
code: 'ER_NO_SUCH_TABLE',
errno: 1146,
sqlState: '42S02',
index: 0 }
So, here, you should test on err rather than err.fatal
connection.query('INSERT INTO customer VALUES(default,' + c_name + ',' + c_addr + ',' + c_mob + ')', function(err, res){
if (err){
return console.log(err);
}
else{
console.log("Record Inserted");
// ...
});
Btw, think about escaping values :
connection.query(
'INSERT INTO customer VALUES(default, ?, ?, ?)',
[c_name, c_addr, c_mob],
function(err, res) {
//...
}
);