0

I am trying to delete a row in MYSQL table from NodeJS route. The query works fine by itself when i run it in MySQL Workbench. When executed from Node the row is not deleted. I don't get any error messages on either server or client side. Here is the code:

router.post('/bid_delete', async (req, res) => {
 let bid_no = req.body['bid_no']
 let qrBids= "SET SQL_SAFE_UPDATES = 0; DELETE FROM bids_hdr WHERE 
 bid_gen_id ='" + bid_no + "';"  
 await pool.query( qrBids, (err, result) => {
  if (err) {
    res.send(err)
  } else {
    res.json({success : true})
  }  
 });  
})

Thanks in advance for any guidance.

Improve this question
4
  • 3
    You can't execute multiple queries in a single call to pool.query(). Execute them sequentially. Commented Jun 19, 2019 at 15:52
  • 2
    You should also use placeholders in the query rather than concatenating strings, to prevent SQL injection. Commented Jun 19, 2019 at 15:52
  • @Barmar. Thank You very much. Can you explain briefly use of placeholders with example if possible. Commented Jun 19, 2019 at 15:54
  • Do you really have a newline in the qrBids string? JavaScript doesn't allow newlines in string literals (you can use them in template literals, but not single-quoted or double-quoted literals). Commented Jun 19, 2019 at 15:56

2 Answers 2

Reset to default
1

Do SET SQL_SAFE_UPDTES = 0; in a separate query.

And use a placeholder instead of concatenation to substitute a variable into the query.

router.post('/bid_delete', async (req, res) => {
 let bid_no = req.body['bid_no']
 let qrBids= "DELETE FROM bids_hdr WHERE bid_gen_id = ?"  
 await pool.query( "SET SQL_SAFE_UPDATES = 0");
 await pool.query( qrBids, [bid_no], (err, result) => {
  if (err) {
    res.send(err)
  } else {
    res.json({success : true})
  }  
 });  
})
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Got it. Thanks a lot.
0

Try to pass param as is eg. 

let qrBids= "SET SQL_SAFE_UPDATES = 0; DELETE FROM bids_hdr WHERE bid_gen_id = '1';"
Improve this answer

1 Comment

The parameter comes from a variable, he can't hard-code it like this.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.