JavaScript:使用 Node.js/MySQL Workbench 将变量传递给查询字符串
标签:javascript, html, mysql, node.js, express

问题:将变量传递到 INSERT 语句时,数据库中插入的是 null。变量有 firstName、lastName、email、passW。

我知道:我确实取回了用户输入的表单数据。在执行 INSERT 语句之前,我用 console.log 打印了存放这些数据的变量,表单数据能正确输出到控制台。当表单在网页上提交时,数据被存入“firstName”、“lastName”、“email”、“passW”这些变量。但当我把它们传递到 MySQL Workbench 时,写入的却是 null。我的结论是变量没有被正确传递,但是当我尝试这个页面和其他页面上的建议时,却抛出了语法错误,提示 SQL 语法不正确。我已尽量提供信息;如果还需要我没有提供的信息,或者需要我发布测试结果,请告诉我。

代码:
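// Asker's original server code, restored to valid JavaScript. Machine translation
// had rewritten identifiers, keywords and string literals, so the listing no
// longer parsed. The behaviour the question is about is left as posted and is
// marked with NOTE(review) comments.
var express = require("express");
var http = require("http");
var mysql = require("mysql");
var express = require("express");
var path = require("path");
var app = express();
var PORT = 3001;
// Sets up the Express app to handle data parsing
app.use(express.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public'))); // testing
app.use(express.json());
app.use("/assets", express.static("assets"))
// home page route
app.get("/", function (req, res) {
  res.sendFile(path.join(__dirname, "index.html"));
});
// create account route
app.get("/create", function (req, res) {
  res.sendFile(path.join(__dirname, "create.html"))
});
// login route
app.get("/login", function (req, res) {
  res.sendFile(path.join(__dirname, "login.html"))
});
// DB Connection
// NOTE(review): root with an empty password is hard-coded here; use a dedicated
// low-privilege account and keep the credentials out of the source.
var connection = mysql.createConnection({
  host: "localhost",
  user: "root",
  password: "",
  database: "sportsCorner",
  port: 3306,
});
// connection response
// NOTE(review): err is never checked, so a failed connection goes unnoticed.
connection.connect(function (err) {
  // The exact wording of this message was lost in translation; reconstructed.
  console.log("SQL connected as id " + connection.threadId)
});
// Takes the data from our login form
app.post('/handler', function (req, res) {
  // user input from the forms
  var firstName = req.body.firstName;
  var lastName = req.body.lastName;
  var email = req.body.email;
  var passW = req.body.password;
  // testing our responses stored in the variables
  // NOTE(review): this writes the submitted password to the log in clear text.
  console.log("F: " + firstName, "L: " + lastName, "E: " + email, "P: " + passW)
  // NOTE(review): this is the statement the question is about. The names inside
  // VALUES(...) are part of the SQL text, so MySQL reads them as identifiers; the
  // JavaScript variables are never sent, which matches the NULL rows reported.
  connection.query("INSERT INTO loginInfo VALUES(firstName, lastName, email, passW)", function (err, res) {
    if (err) throw err;
    console.log("Inserted ...")
  });
  // get the login info back from the database
  connection.query('SELECT * from loginInfo', function (err, res) {
    if (err) throw err;
    console.log(res)
    // The exact wording of this message was lost in translation; reconstructed.
    console.log("Response ...")
  })
});
// Start Server
app.listen(PORT, function () {
  console.log("Server listening on: http://localhost:" + PORT);
});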
(表格)
提前感谢您的帮助。

尝试把这段代码:
// The asker's original statement, kept as the "before" example. The names inside
// VALUES(...) are part of the SQL text, so MySQL reads them as identifiers; the
// JavaScript variables of the same names are never sent to the server.
const onInsertDone = function (err, res) {
  if (err) {
    throw err;
  }
  console.log("Inserted ...");
};
connection.query(
  "INSERT INTO loginInfo VALUES(firstName, lastName, email, passW)",
  onInsertDone
);
改为:
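// Bind the form values through `?` placeholders instead of interpolating them
// into a template literal. With interpolation, a quote character in any field
// ends the SQL string literal early, so user input becomes part of the statement
// (SQL injection) and ordinary names such as O'Brien break the query. With
// placeholders the mysql driver escapes each value before substituting it.
connection.query(
  "INSERT INTO loginInfo VALUES(?, ?, ?, ?)",
  [firstName, lastName, email, passW],
  function (err, res) {
    if (err) throw err;
    console.log("Inserted ...");
  }
);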
将此用作插入查询
// Parameterized INSERT: each `?` is replaced by the matching entry of the values
// array, which the mysql driver escapes, so form input is never concatenated into
// the SQL text.
var sql = ["INSERT INTO loginInfo", "VALUES", "(", "?, ?, ?, ?", ")"].join("\n");
const formValues = [firstName, lastName, email, passW];
connection.query(sql, formValues, (err, res) => {
  if (err) {
    throw err;
  }
  console.log("Inserted ...");
});
你好,我已经调试了你的代码如下
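var express = require("express");
var http = require("http");
var mysql = require("mysql");
var path = require("path");

var app = express();
var PORT = 3001;

// Sets up the Express app to handle data parsing
app.use(express.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public'))); // testing
app.use(express.json());
app.use("/assets", express.static("assets"));

// home page route
app.get("/", function (req, res) {
  res.sendFile(path.join(__dirname, "index.html"));
});

// create account route
app.get("/create", function (req, res) {
  res.sendFile(path.join(__dirname, "create.html"));
});

// login route
app.get("/login", function (req, res) {
  res.sendFile(path.join(__dirname, "login.html"));
});

// DB Connection
// Credentials are read from the environment when set (the variable names are
// chosen here, not taken from the project); the literals are only the
// local-development fallback from the original listing.
// NOTE(review): connect with a dedicated account limited to this schema rather
// than root.
let connection = mysql.createConnection({
  host: process.env.DB_HOST || "localhost",
  user: process.env.DB_USER || "root",
  password: process.env.DB_PASSWORD !== undefined ? process.env.DB_PASSWORD : "root",
  database: process.env.DB_NAME || "sportsCorner",
  port: Number(process.env.DB_PORT) || 3306
});

// connection response: fail at startup when the database is unreachable
connection.connect(function (err) {
  if (err) throw err;
  console.log("Connected to MySQL database!");
});

/**
 * Tells whether a submitted form field is usable as a bound SQL value.
 * @param {*} value - field taken from the request body
 * @returns {boolean} true only for a non-empty string
 */
function isNonEmptyString(value) {
  return typeof value === "string" && value.length > 0;
}

// Takes the data from our login form and inserts one row into loginInfo.
app.post('/handler', function (req, res) {
  // user input from the forms
  var body = req.body || {};
  var firstName = body.firstName;
  var lastName = body.lastName;
  var email = body.email;
  var passW = body.password;

  // express.json() is enabled, so a field can arrive as an object or an array.
  // The mysql driver expands those into SQL fragments instead of one quoted
  // value, so only plain non-empty strings are accepted before binding.
  if (![firstName, lastName, email, passW].every(isNonEmptyString)) {
    res.status(400).send("firstName, lastName, email and password are required");
    return;
  }

  // The password is deliberately left out of the debug line.
  console.log("F: " + firstName, "L: " + lastName, "E: " + email);

  // NOTE(review): passW is stored exactly as submitted. Hash it with a password
  // KDF (for example crypto.scrypt with a per-user salt) before inserting, and
  // size the column for the encoded hash.
  let queryAddUser = "INSERT INTO loginInfo (firstName, lastName, email, passW) VALUES (?, ?, ?, ?)";

  // The values array is bound to the `?` placeholders; the driver escapes each one.
  connection.query(queryAddUser, [firstName, lastName, email, passW], function (error, result) {
    if (error) {
      // Throwing inside this callback would take the whole server down on one
      // bad request; report the failure to the client instead.
      console.error('QUERY ADD NEW USER FAILED', error);
      res.status(500).send("Could not create the account");
      return;
    }
    console.log('QUERY ADD NEW USER EXECUTED SUCCESSFULLY', result);
    res.status(201).send("Account created");
  });

  // Query count users (diagnostic only; its result is not sent to the client)
  let queryCountUsers = "SELECT count(*) as totalUsers FROM `loginInfo`";
  connection.query(queryCountUsers, function (error, result) {
    if (error) {
      console.error('QUERY queryCountUsers FAILED', error);
      return;
    }
    console.log('QUERY queryCountUsers EXECUTED SUCCESSFULLY', result);
  });
});

// Start Server
app.listen(PORT, function () {
  console.log("Server listening on: http://localhost:" + PORT);
});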
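我添加了 connection.format() 来构造查询,以防止 SQL 注入攻击。注意:connection.format() 是在客户端先对值进行转义,再替换 `?` 占位符,并不是服务器端的预处理语句(prepared statement);把值数组直接作为第二个参数传给 connection.query() 效果相同。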
谢谢您这么快的回复。我试了一下,得到了一个新的错误代码。我会把它添加到下面的
错误:ER_PARSE_ERROR:您的 SQL 语法有错误;请查看与 MySQL 服务器版本对应的手册,以了解在第 1 行“@test.com,tester)”附近应使用的正确语法。
我已经编辑了答案。您能再检查一下吗?
您可能想更仔细地阅读 Node.js mysql 模块的文档。
// INSERT with four `?` placeholders. The values are passed separately and escaped
// by the mysql driver, so nothing from the form is concatenated into the SQL text.
var sql = "INSERT INTO loginInfo\nVALUES\n(\n?, ?, ?, ?\n)";
function onInserted(err, res) {
  if (err) {
    throw err;
  }
  console.log("Inserted ...");
}
connection.query(sql, [firstName, lastName, email, passW], onInserted);
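var express = require("express");
var http = require("http");
var mysql = require("mysql");
var path = require("path");

var app = express();
var PORT = 3001;

// Sets up the Express app to handle data parsing
app.use(express.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public'))); // testing
app.use(express.json());
app.use("/assets", express.static("assets"));

// home page route
app.get("/", function (req, res) {
  res.sendFile(path.join(__dirname, "index.html"));
});

// create account route
app.get("/create", function (req, res) {
  res.sendFile(path.join(__dirname, "create.html"));
});

// login route
app.get("/login", function (req, res) {
  res.sendFile(path.join(__dirname, "login.html"));
});

// DB Connection
// Credentials are read from the environment when set (the variable names are
// chosen here, not taken from the project); the literals are only the
// local-development fallback from the original listing.
// NOTE(review): connect with a dedicated account limited to this schema rather
// than root.
let connection = mysql.createConnection({
  host: process.env.DB_HOST || "localhost",
  user: process.env.DB_USER || "root",
  password: process.env.DB_PASSWORD !== undefined ? process.env.DB_PASSWORD : "root",
  database: process.env.DB_NAME || "sportsCorner",
  port: Number(process.env.DB_PORT) || 3306
});

// connection response: fail at startup when the database is unreachable
connection.connect(function (err) {
  if (err) throw err;
  console.log("Connected to MySQL database!");
});

/**
 * Tells whether a submitted form field is usable as a bound SQL value.
 * @param {*} value - field taken from the request body
 * @returns {boolean} true only for a non-empty string
 */
function isNonEmptyString(value) {
  return typeof value === "string" && value.length > 0;
}

// Takes the data from our login form and inserts one row into loginInfo.
app.post('/handler', function (req, res) {
  // user input from the forms
  var body = req.body || {};
  var firstName = body.firstName;
  var lastName = body.lastName;
  var email = body.email;
  var passW = body.password;

  // express.json() is enabled, so a field can arrive as an object or an array.
  // The mysql driver expands those into SQL fragments instead of one quoted
  // value, so only plain non-empty strings are accepted before binding.
  if (![firstName, lastName, email, passW].every(isNonEmptyString)) {
    res.status(400).send("firstName, lastName, email and password are required");
    return;
  }

  // The password is deliberately left out of the debug line.
  console.log("F: " + firstName, "L: " + lastName, "E: " + email);

  // NOTE(review): passW is stored exactly as submitted. Hash it with a password
  // KDF (for example crypto.scrypt with a per-user salt) before inserting, and
  // size the column for the encoded hash.
  let queryAddUser = "INSERT INTO loginInfo (firstName, lastName, email, passW) VALUES (?, ?, ?, ?)";

  // The values array is bound to the `?` placeholders; the driver escapes each one.
  connection.query(queryAddUser, [firstName, lastName, email, passW], function (error, result) {
    if (error) {
      // Throwing inside this callback would take the whole server down on one
      // bad request; report the failure to the client instead.
      console.error('QUERY ADD NEW USER FAILED', error);
      res.status(500).send("Could not create the account");
      return;
    }
    console.log('QUERY ADD NEW USER EXECUTED SUCCESSFULLY', result);
    res.status(201).send("Account created");
  });

  // Query count users (diagnostic only; its result is not sent to the client)
  let queryCountUsers = "SELECT count(*) as totalUsers FROM `loginInfo`";
  connection.query(queryCountUsers, function (error, result) {
    if (error) {
      console.error('QUERY queryCountUsers FAILED', error);
      return;
    }
    console.log('QUERY queryCountUsers EXECUTED SUCCESSFULLY', result);
  });
});

// Start Server
app.listen(PORT, function () {
  console.log("Server listening on: http://localhost:" + PORT);
});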