JavaScript: MySQL parse error shown when the query has 3 conditions

I have a select query against a local database, and for some reason I get the following error:

ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'FROM site WHERE name = OCC AND date_start = 2018-07-30 08:00:00 AND date_end = '' at line 1

My query is:

connection.query("SELECT *, FROM shop WHERE name = " + shop_name + " AND date_start = " + myDate + " AND date_end = " + myDate2, function (err, result)
{
    if (err)
    {
        console.log("Error Is:" + err);
    }
    else
    {
        console.log('DATA EXISTING IS =' + JSON.stringify(result));
    }
});
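
Am I missing something?

The usual mantra is: use parameterized queries. They will prevent SQL injection and make your service more secure. They also take care of the usual pitfalls when building a query with string concatenation.

Let's have a look at your query:
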
"SELECT *, FROM shop WHERE name = " + shop_name + " AND date_start = " + myDate + " AND date_end = " + myDate2

This translates to:

SELECT *, FROM shop WHERE name = myshop AND date_start = 2018-07-30 AND date_end = 2018-08-10
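
There are at least 3 errors:

1. The , after SELECT *. That is also what the error tells you. I guess you had a column list and replaced it with *.

2. The name column is surely some char column, so you have to enclose your values in quotes:

"SELECT * FROM shop WHERE name = '" + shop_name + "' AND date_start = '" + myDate + "' AND date_end = '" + myDate2 +"'"

3. Depending on what myDate and myDate2 are
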
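If you use parameterized queries, at least problems 2 and 3 won't occur. See the documentation of the library you are using.

The comma in SELECT *, is a syntax error. Also add single quotes around the values above, e.g. name = '" + shop_name + "'. I would also suggest using parameterized queries, since this may be subject to SQL injection.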
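
The parameterized form both answers recommend, next to the quoted-concatenation form, as an added example that is not part of the original question or answers. It assumes the driver accepts `connection.query(sql, values, callback)` with `?` placeholders, as the `mysql` and `mysql2` packages do; `shopQuery`, `findShop` and `recordingConnection` are hypothetical names, and the input values are constructed.

```javascript
// Added example. Assumption: the driver accepts connection.query(sql, values, callback)
// with ? placeholders, as the mysql and mysql2 packages do.
const DATETIME = /^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/;
const SHOP_SQL =
  'SELECT * FROM shop WHERE name = ? AND date_start = ? AND date_end = ?';

// The quoted-concatenation form from the answer, kept only for comparison:
// every value becomes part of the SQL text.
function concatQuery(shopName, dateStart, dateEnd) {
  return "SELECT * FROM shop WHERE name = '" + shopName +
    "' AND date_start = '" + dateStart + "' AND date_end = '" + dateEnd + "'";
}

// Parameterized form: the SQL text is a constant and the values travel separately.
function shopQuery(shopName, dateStart, dateEnd) {
  if (typeof shopName !== 'string' || shopName.length === 0) {
    throw new TypeError('shopName must be a non-empty string');
  }
  for (const d of [dateStart, dateEnd]) {
    // Reject anything that is not already a "YYYY-MM-DD HH:MM:SS" string.
    if (typeof d !== 'string' || !DATETIME.test(d)) {
      throw new TypeError('dates must look like "YYYY-MM-DD HH:MM:SS"');
    }
  }
  return { sql: SHOP_SQL, values: [shopName, dateStart, dateEnd] };
}

function findShop(connection, shopName, dateStart, dateEnd, callback) {
  let q;
  try {
    q = shopQuery(shopName, dateStart, dateEnd);
  } catch (err) {
    return callback(err); // invalid input never reaches the database
  }
  connection.query(q.sql, q.values, callback);
}

// Constructed stand-in for a connection so the block runs offline; it only
// records what a real driver would be handed.
function recordingConnection() {
  const calls = [];
  return { calls, query(sql, values, cb) { calls.push({ sql, values }); cb(null, []); } };
}

// Constructed sample input: a name containing an apostrophe.
const demo = recordingConnection();
findShop(demo, "Joe's Diner", '2018-07-30 08:00:00', '2018-08-10 08:00:00',
  (err) => console.log(err || demo.calls[0]));
console.log(concatQuery("Joe's Diner", '2018-07-30 08:00:00', '2018-08-10 08:00:00'));
```

With a real connection, pass it to `findShop` in place of the recording stand-in; the apostrophe in the name unbalances the quotes in the concatenated string but leaves the parameterized SQL text unchanged.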