Query a connection object with parameters
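When you want to use user-generated content in the SQL, it is done with parameters: the query text contains a `?` placeholder and the value is passed separately, so user input is never concatenated into the SQL string. For example, to search for the user with the name aminadav, you should do: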
// Value that stands in for user-supplied input.
const username = 'aminadav';

// The SQL text holds only a `?` placeholder; the user value is handed to
// query() separately in the values array instead of being concatenated
// into the statement, which is what keeps it from being read as SQL.
// NOTE(review): how the placeholder is filled (client-side escaping or a
// server-side prepared statement) depends on the driver in use; confirm.
const sql = 'SELECT name, email from users where name = ?';

connection.query(sql, [username], (err, rows, fields) => {
  // Rethrown from inside the callback; nothing in this snippet catches it.
  if (err) throw err;

  if (!rows.length) {
    console.log('There were no results.');
    return;
  }

  // One line of output per matching row.
  for (const row of rows) {
    console.log(row.name, 'email address is', row.email);
  }
});