
I'm using nodejs 0.10.12 and the pg module, version 2.2.0.

Now, on the server side I have code like

var ja=message.utf8Data;
var query = client.query("SELECT pins.p_name FROM pins WHERE  p_id = ja");

ja is a var representing an int that came from the client side through websockets. I'm trying to use it in the query but I cannot. I cannot find the right syntax to make it work. The query and the code in general work fine if I replace ja in the query with, for example, 64. I tried syntax like p_id=(ja) but I keep getting errors like undefined or ja is not a column in a table.

What is the right syntax?

Thanks

  • You need to use parameters. Commented Jul 18, 2013 at 0:13

1 Answer

client.query("SELECT pins.p_name FROM pins WHERE p_id ="+ja);

Should do the trick. Since it's coming in over a socket you might want to do some sanitization of the input to prevent injection attacks. The mysql-node module has a good function for that

  connection.escape()

Or alternatively,

connection.query('SELECT ? FROM myTable',[ja],function(err,rows) {});
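
The parameterized approach that the comment and the answer point to, written for the pg module the question uses, as an added example that is not part of the original posts. It assumes pg's `client.query(text, values, callback)` form with `$1` placeholders; `parsePinId`, `buildPinQuery`, `lookupPin` and the recording client are hypothetical names, and the payloads are constructed.

```javascript
// Added example (not from the original post). Assumes the pg module's
// client.query(text, values, callback) form with $1-style placeholders.

// Strictly parse the websocket payload as a non-negative 32-bit integer id.
function parsePinId(utf8Data) {
  if (typeof utf8Data !== 'string' || !/^[0-9]{1,10}$/.test(utf8Data.trim())) {
    return null;
  }
  var id = parseInt(utf8Data.trim(), 10);
  return id <= 2147483647 ? id : null;
}

// Build the query: the SQL text is a constant, the value travels separately,
// so the payload is never interpreted as SQL.
function buildPinQuery(utf8Data) {
  var id = parsePinId(utf8Data);
  if (id === null) return null;
  return { text: 'SELECT pins.p_name FROM pins WHERE p_id = $1', values: [id] };
}

// Run it against any object exposing the client.query signature assumed above.
function lookupPin(client, utf8Data, callback) {
  var q = buildPinQuery(utf8Data);
  if (q === null) return callback(new Error('invalid pin id'));
  client.query(q.text, q.values, callback);
}

// Constructed stand-in for a pg client so the example runs without a database.
function makeRecordingClient() {
  var calls = [];
  return {
    calls: calls,
    query: function (text, values, cb) {
      calls.push({ text: text, values: values });
      cb(null, { rows: [] });
    }
  };
}

// Constructed sample payloads: one valid id, one injection attempt, one empty.
var demoClient = makeRecordingClient();
['64', '64 OR 1=1', ''].forEach(function (payload) {
  lookupPin(demoClient, payload, function (err) {
    console.log(JSON.stringify(payload), err ? 'rejected: ' + err.message : 'queried');
  });
});
```

With a real connection, pass the connected pg client in place of the recording client; only the first payload reaches the database.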