Skip to content

Escaping fields is not working. #644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
yalamber opened this issue Nov 16, 2013 · 11 comments
Closed

Escaping fields is not working. #644

yalamber opened this issue Nov 16, 2013 · 11 comments

Comments

@yalamber
Copy link

Hello,
I am using 2.0.0-alpha9 version of node-mysql below is my code where i am trying to escape the fields.

mysqlPool.getConnection(function(err, connection){
  var sql = 'SELECT ?? FROM ?? WHERE user_id = ?';
  var columns = ['username', 'password'];
  connection.query(sql, [columns, 'users', 1], function(err, result){
    console.log(err);
  });
});

Above codes gives me following error:
TypeError: Object username,password has no method 'replace'
at Object.SqlString.escapeId (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/SqlString.js:7:20)
at /Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/SqlString.js:70:24
at String.replace (native)
at Object.SqlString.format (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/SqlString.js:64:14)
at PoolConnection.Connection.format (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/Connection.js:151:20)
at PoolConnection.Connection.query (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/Connection.js:106:20)
at /Users/yalambersubba/Sites/works/sconnect/api_server/tests/baseModelTest.js:39:20
at Pool. (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/Pool.js:52:14)
at Handshake.Sequence.end (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/sequences/Sequence.js:75:24)
at Handshake.Sequence.OkPacket (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/sequences/Sequence.js:84:8)
at Protocol._parsePacket (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/Protocol.js:172:24)
at Parser.write (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/Parser.js:62:12)
at Protocol.write (/Users/yalambersubba/Sites/works/sconnect/api_server/node_modules/mysql/lib/protocol/Protocol.js:37:16)
at Socket.ondata (stream.js:51:26)
at Socket.EventEmitter.emit (events.js:117:20)
at Socket. (stream_readable.js:746:14)
at Socket.EventEmitter.emit (events.js:92:17)
at emitReadable (_stream_readable.js:408:10)
at emitReadable (_stream_readable.js:404:5)
at readableAddChunk (_stream_readable.js:165:9)
at Socket.Readable.push (_stream_readable.js:127:10)
at TCP.onread (net.js:526:21)
@RB-Lab
Copy link

RB-Lab commented Nov 16, 2013

Confirm. I see the same behaviour.

@felixge
Copy link
Collaborator

felixge commented Nov 16, 2013

Please read the docs. You're using the API incorrectly: https://github.com/felixge/node-mysql#escaping-query-values

@felixge felixge closed this as completed Nov 16, 2013
@RB-Lab
Copy link

RB-Lab commented Nov 16, 2013

Wait, wait.. Isn't that code do exactly the same thing that in your example? (Actually I've ran example and it not works to). This example: https://github.com/felixge/node-mysql#escaping-query-identifiers

var userId = 1;
var columns = ['username', 'email'];
var query = connection.query('SELECT ?? FROM ?? WHERE id = ?', [columns, 'users', userId], function(err, results) {
  // ...
});

console.log(query.sql); // SELECT `username`, `email` FROM `users` WHERE id = 1

It actually can't replace ?? with escaped array (columns).

@yalamber
Copy link
Author

Hello,
I tried to follow exactly as provided in the example here https://github.com/felixge/node-mysql#escaping-query-identifiers
Please can you point me in the directions where I am not using api properly in my code.

@RB-Lab
Copy link

RB-Lab commented Nov 16, 2013

It seems that I find it. The problem is in NPM package only. In GitHub version it's already fixed. So you can copy node-mysql/lib/protocol/SqlString.js from GitHub repository to your working directory and everything should be ok. I hope in NPM repository it would be fixed soon.

@yalamber
Copy link
Author

Thank you, the Github version worked well.

@dougwilson
Copy link
Member

Just so everyone knows, the feature @yalamber is trying to use is a new feature that hasn't been released to npm yet (not a bug that hasn't been fixed yet). The feature is passing an array for ?? will produce a list of the escaped expressions.

@RB-Lab
Copy link

RB-Lab commented Nov 18, 2013

Yes, but there is misleading docs if so. I mean.. in docs written: npm install ... ...bla-bla-bla... var columns = ['username', 'email']; And if you do what is written in docs, you get error. So you think that there is a bug. And write here. Aren't you? =)

@dougwilson
Copy link
Member

Yes, it may seem strange, but just like any project on GitHub.com, the README on the home page is about the latest code, not always the code you are using. The alpha9 documentation is at https://github.com/felixge/node-mysql/tree/v2.0.0-alpha9

@RB-Lab
Copy link

RB-Lab commented Nov 18, 2013

Oh. Thanx. I didn't know that!

@dougwilson
Copy link
Member

This is on npm now, by the way, as v2.0.0-rc1.

dveeden pushed a commit to dveeden/mysql that referenced this issue Jan 31, 2023
@elemount @julienschmidt
Mark AllowNativePassword in DSN param string be true by default. (m…
37b91d8 
…ysqljs#644)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@felixge @dougwilson @yalamber @RB-Lab