在节点js mysql查询中删除斜杠
这是我的代码。
pool.getConnection(function (err, connection) { connection.query("delete from userFiles where type = 1 and typeId = " + taskId + " and fileName NOT IN ('?') ",[oldFileNames], function (err, rows) { }); });
现在问题是,节点js正在这样生成查询,
delete from table_name where type = 1 and typeId = 1 and fileName NOT IN (\'\'upload_149f2b78e5fd4096781bb5b8719b874f.png,upload_e8185e896cb0f8bb0b66d807cc60922c.png\'\')
我甚至尝试过这样
connection.query("delete from userFiles where type = 1 and typeId = " + taskId + " and fileName NOT IN ('" + oldFileNames + "') ", function (err, rows) {
这样生成的查询就像这样,
delete from userFiles where type = 1 and typeId = 1 and fileName NOT IN (\'upload_149f2b78e5fd4096781bb5b8719b874f.png, upload_e8185e896cb0f8bb0b66d807cc60922c.png\')
这两个都导致查询的mysql
语法错误(斜杠正在追加)。
你能build议,我能做些什么来摆脱这个错误。
你不应该自己添加引号?
占位符。 删除它们。
你也应该传递一个数组,而不是一个string。 假设它是一个干净的string,你可以使用split
。
connection.query( "delete from userFiles where type = 1 and typeId = " + taskId + " and fileName NOT IN (?) ", [oldFileNames.split(/,\s*/)], function (err, rows) {
一个可能的解决scheme是使用connection.escape();
connection.query("delete from userFiles where type = 1 and typeId = " + taskId + " and fileName NOT IN (" + connection.escape(oldFileNames) + ")");