Home > Net >  How in pg to prepare queries with named variables in the LIKE clause between two percent?
How in pg to prepare queries with named variables in the LIKE clause between two percent?

Time:10-23

i have a code

import { Pool } from 'pg'
import { pg as named } from 'yesql'

const db = new Pool({
    host: 'localhost',
    user: 'postgres',
    password: '1',
    database: 'libcourse'
})

const query = `select * from table where column like '%:var%'`
const result = await db.query(named(query)({var: 'test'})).rows

:var is not recognized as a variable

CodePudding user response:

I assume that yesql is only able to inject variables into an SQL statement where placeholders would also be allowed, otherwise SQL injection attacks would be too hard to detect. And a placeholder between percent signs is not allowed, neither is a placeholder in quotes.

The solution is to include the percent signs in the variable value:

const query = `select * from table where column like :var`
const result = (await db.query(named(query)({var: `%${'test'}%`))).rows

(Also, you should not await the rows, but take the rows of the awaited result.)

Page link:https//www.codepudding.com/net/585077.html

Prev:how to count two same property with different values in mongoose?
Next:In react setInterval and again setInterval. I want to check if user is active on the page or not
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding