SELECT WHERE IN in node-mysql

javascript node.js node-mysql
Takehiro Adachi picture Takehiro Adachi · Jun 14, 2012 · Viewed 9k times · Source

Does anyone know how to use SELECT WHERE IN in node-mysql?

I've tried the code below, but I get the following error message:

'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''(`PHP`,`apache`)'' at line 1'

This is my code:

whereIn = '(';
for ( var i in tagArray ) {
    if ( i != tagArray.length - 1 ) {
        whereIn += "`" + tagArray[i] + "`,";    
    }else{
        whereIn += "`" + tagArray[i] + "`"; 
    }
}
whereIn += ')';

console.log(whereIn);

client.query(
    'SELECT tag_id FROM tag WHERE tag_name IN ?',
    [whereIn],
    function(err, result, fields) {
        client.destroy();

        if (err) {
            throw err;
        }

        console.log(result);

        res.redirect('/');
    }
);

Answer

Daniele Vrut picture Daniele Vrut · Mar 6, 2015

You have to use IN (?) and NOT IN ?.

Any string manipulation may result in a SQL INJECTION backdoor.

Related questions

Preventing SQL injection in Node.js

Is it possible to prevent SQL injections in Node.js (preferably with a module) in the same way that PHP had Prepared Statements that protected against them. If so, how? If not, what are some examples that might bypass the …

Read More
How to make login form in node.js using mysql database

I am new in node.js and i want to make a login page using express and mysql database,Please share with me your idea with example.

Read More
In node.js mysql query, check if no matching found

How can I check if no matching found in mysql (node.js)? mysql.query("select * from table1 where name = 'abcd'", function(error, result, field) { if(error) { exist(error); //No error } else if(result) { console.log(result); //displays '[]' exist(…

Read More