I'm doing an INSERT on my backend with node.js using mssql, the problem is: when i run the code the INSERT not work and there's no log error:
str_query= "INSERT INTO t1 (id,age,name) VALUES (#ID,#AGE,#NAME) ";
request.input('ID',sql.int,NULL);
request.input('NAME',sql.varchar,NULL);
request.input('AGE',sql.int,NULL);
request.query(str_query, function (err, recordset) {//doing stuff}
So basically seems impossibile to insert a null value in a INT column. Is there any way?
Related
I was trying to do some sql injection in node mysql library.
I have an Insert query written in Nodejs using by doing:
pool.query(`Insert into orders(orderType,CustomerID,storeNumber,stageNumber) Values('${orderType}',${customerID},'${storeNumber}','${stageNumber}')`,function(err,rows,fields){
if(err){
console.log(err)
}
var orderID=rows.insertId
}
All of the varaibles comes form a form which I am receiving using req.body
In the stageNumber field in the form instead of the storeNumber I was writing:
'); Delete from orderDetail;
This did not delete anything from my table
From my console.log(err) i get
Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near 'Delete from orderDetail;')'
I cannot think of a way to remove the ')' but I know where it is coming from. Is it even possible to do SQL injection in Node MySQL library?
Have you already tried
'); Delete from orderDetail; --
This will ignore any characters post -- and should ideally work in this case.
I have the following JavaScript that I am executing through Node
function afterConnection() {
var query = connection.query("SELECT * FROM playlist;", function (err, res) {
if (err) throw err;
console.log(res);
connection.end();
});
console.log(`The query that ran: ${query.sql}`)
}
Pretty basic. If I execute this code from my Windows 10 machine running MySQL 8 this logs the result set to the console. If I run this same code on macOS 13.5 running the same version of MySQL the code prints an empty array to the console. I know that I am connected to MySQL because if I change the query to something entirely invalid (like trying to SELECT from a table that doesn't exist) I get an error back saying the Table is invalid. So MySQL is consuming the command but isn't sending back a result. If i run the query directly in MySQL it returns the data I would expect. I have double checked my connection strings and there doesn't seem to be any problem there. Additionally if I run the query directly in Workbench data is returned from there as I would expect. Any thoughts?
why does this sql-query always return the row as undefined??
CoffeeScript:
data.get "insert into users (name, password)
values ('#{user.name}', '#{user.password}')", (err, row) ->
thanks.
data.get is for queries, not for inserts. What is happening is that the statement returns an error.
See this for a tutorial on how to insert tuples:
Intro to Coffee Script and SQLite
I am running a mysql query with WHERE, I would like to include my input prompt variable, input how would I go about doing so? my current query is like so,
var connect = connection.query('SELECT url FROM Sonic_url WHERE name='
+ input //<where I'm confused
, function(err, rows, fields) {
You can just include it the way you did, but that will give you an unescaped query which is open to sql - injection. To prevent you from this, you can use mysql.format
var sql = mysql.format("SELECT url FROM Sonic_url WHERE name=?", [input]);
var connection = connection.query(sql, function(err,rows,fields) {});
I'm working on creating a JavaScript file to get a JSON dump of an entire MySQL database, running on server side. I found and am using the MySQL driver for node.js (https://www.npmjs.com/package/mysql) for queries, it's been straight forward enough to start. My issue is that I need to call multiple queries and get the results from all of them to put into a single JSON file and I can't quite get that to work. I'm entirely new to JavaScript (basically never touched it before now) so it's probably a relatively simple solution that I'm just missing.
Currently I do a query of 'SHOW TABLES' to get a list of all the tables (this can change so I can't just assume a constant list). I then just want to basically loop through the list and call 'SELECT * from table_name' for each table, combining the results as I go to get one big JSON. Unfortunately I haven't figured out how to get the code to finish all the queries before trying to combine them, thus retuning 'undefined' for all the results. Here is what I currently have:
var mysql = require('mysql');
var fs = require('fs');
var connection = mysql.createConnection({
host: 'localhost',
user: 'root',
password: 'pass',
database: 'test_data'
});
connection.connect();
connection.query('SHOW TABLES;', function(err, results, fields)
{
if(err) throw err;
var name = fields[0].name;
var database_json = get_table(results[0][name]);
for (i = 1; i < results.length; i++)
{
var table_name = results[i][name];
var table_json = get_table(table_name);
database_json = database_table_json.concat(table_json);
}
fs.writeFile('test_data.json', JSON.stringify(database_json), function (err)
{
if (err) throw err;
});
connection.end();
});
function get_table(table_name)
{
connection.query('select * from ' + table_name + ';', function(err, results, fields) {
if(err) throw err;
return results;
});
}
This gets the table list and goes through all of it with no issue, and the information returned by the second query is correct if I just do a console.log(results) inside the query, but the for loop just keeps going before any query is completed and thus 'table_json' just ends up being 'undefined'. I really think this must be an easy solution (probably something with callbacks which I don't quite understand fully yet) but I keep stumbling.
Thanks for the help.
I'm guessing that this is for some sort of maintenance type function and not a piece that you need for your application. You're probably safe to do this asynchronously. This module is available here: https://github.com/caolan/async
You can also use Q promises, available here: https://github.com/kriskowal/q
This answer: describes both approaches pretty well: Simplest way to wait some asynchronous tasks complete, in Javascript?