2

I am running a MySQL query with WHERE, and I would like to include my input prompt variable, input. How would I go about doing so? My current query is like so:

var connect = connection.query('SELECT url FROM Sonic_url WHERE name='
  + input // <where I'm confused
  , function(err, rows, fields) {
    // handle err / rows here
  });

1 Answer

6

You can just include it the way you did, but that will give you an unescaped query which is open to SQL injection. To prevent this, you can use mysql.format:

var mysql = require('mysql');
// The ? placeholder is filled with the escaped value of input
var sql = mysql.format("SELECT url FROM Sonic_url WHERE name=?", [input]);
var query = connection.query(sql, function(err, rows, fields) {});

3 Comments

Thank you! Also, any good method of hiding MySQL logins in a script?
Node env, for example, though I like dotenv. You can use an .env file with your credentials then. @alextix
Thank you very much, I will try that.
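
As an added example (not part of the original answer or of the mysql project's code): the same lookup with the value handed to `connection.query` separately from the SQL text, combined with the credentials-from-environment idea from the comments. The environment variable names, the helper names and the stub connection are assumptions made for illustration.

```javascript
// Assumed variable names; a .env file loaded by dotenv would populate them.
const REQUIRED_VARS = ['DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'];

// Build the options for mysql.createConnection() from the environment,
// failing fast (and naming what is missing) instead of connecting half-configured.
function loadDbConfig(env) {
  const missing = REQUIRED_VARS.filter((key) => !env[key]);
  if (missing.length > 0) {
    throw new Error('Missing environment variables: ' + missing.join(', '));
  }
  return {
    host: env.DB_HOST,
    user: env.DB_USER,
    password: env.DB_PASSWORD,
    database: env.DB_NAME,
  };
}

// Look up URLs by name. The SQL text stays constant; the driver escapes the
// value when it fills in the ? placeholder.
function findUrlByName(connection, name, callback) {
  // mysql expands objects and arrays given for ? into key = 'val' pairs or
  // lists, so anything that is not a plain string is rejected up front.
  if (typeof name !== 'string') {
    return callback(new TypeError('name must be a string'));
  }
  connection.query('SELECT url FROM Sonic_url WHERE name = ?', [name],
    function (err, rows) {
      if (err) return callback(err);
      callback(null, rows.map((row) => row.url));
    });
}

// Constructed stand-in for a mysql connection: records each call and
// answers with one constructed row, so the example runs without a database.
function makeStubConnection() {
  const calls = [];
  return {
    calls,
    query(sql, values, cb) {
      calls.push({ sql, values });
      cb(null, [{ url: 'https://example.test/a' }]);
    },
  };
}

// Real wiring (not run here):
//   const connection = mysql.createConnection(loadDbConfig(process.env));
```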
