javascript - Express.js - error when trying to pull data from mysql
I am using the following controller action:
    exports.search = function(req, res) {
      var x = [];
      if (req.query.criteria == 'language') {
        // note: req.query.val is concatenated straight into the SQL string
        var langquery = "select * from languages where language like '%" + req.query.val + "%' order by verbal desc";
        client.query(langquery, function(err, results) {
          if (err) { throw err; }
          client.query('select * from humans', function(err, hmns) {
            if (err) { throw err; }
            // keep every human whose request matches a language row
            for (var i = 0; i < results.length; i++) {
              for (var j = 0; j < hmns.length; j++) {
                if (hmns[j].request == results[i].request) {
                  x.push(hmns[j]);
                }
              }
            }
            res.render('allhumans', { title: 'search results', humans: x });
          });
        });
      } else {
        // both the column name and the value come from the query string
        var query = "select * from humans where " + req.query.criteria + " like '%" + req.query.val + "%'";
        client.query(query, function(err, results) {
          if (err) { throw err; }
          res.render('allhumans', { title: 'search results', humans: results });
        });
      }
    };
My languages table has the following columns (id excluded): request, language, verbal, writing, assessor
I have the following entries:
    request | language | verbal | writing | assessor
    req123  | ru       | 3      | 3       | name
    req123  | en       | 4      | 4       | name
    req321  | ru       | 5      | 5       | name
    req321  | en       | 2      | 3       | name
When I search for ru, the code executes perfectly, but when I search for en it returns an empty array. Why is that?
Looking forward to feedback!
Thank you!
Edit: the humans table has a request column that is unique for every human entry. The request column in the languages table is a foreign key. (One human can have more language skills.) req.query.val is ru when I search for ru (works perfectly), and en when I try to search for en.
Edit1: human entries:
    request | first name | last name | contact
    req123  | john       | trump     | 000
    req321  | mary       | jane      | 000
Edit2: I've fixed it! I have modified the loop; I think that was the problem :) I have updated the code in the post as well. Still, I tried escaping the values before inserting the data into the table using client.escape() (a function provided by the mysql node module), and it breaks it all! I get the following error:
    ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'e'%' order by verbal desc' at line 1
For some reason, after escaping the data, it adds single quotation marks, which breaks the query.
You are assuming y (holding the request rows, if of the given language) is at least as long as "all humans" (resultss), which seems to me false.
In addition, you are not escaping req.query.criteria or req.query.val, leaving you wide open to SQL injection attacks. You should fix that :)
(It would help others if you posted the actual error message you are getting, and if you showed a few human rows.)
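Added example, not code from the question or the answer: it shows why the escaping attempt in edit2 produced `'%'en'%'`, and how the two searches can be built so that neither req.query.val nor req.query.criteria is pasted into the SQL string. It assumes the mysql module's placeholder form `client.query(sql, values, callback)`; the builders below are hypothetical helpers that return `{sql, values}` so they run with no database.

```javascript
// A quoted SQL string literal, built the way an escaper does it:
// backslash the backslash and the single quote, then add the quotes.
function escapeLiteral(val) {
  const body = String(val).replace(/[\\']/g, (ch) => '\\' + ch);
  return "'" + body + "'";
}

// What edit2 did: quoting the value first and then wrapping it in '%...%'
// leaves quotes inside the pattern, which is the parse error in the post.
function brokenLikePattern(val) {
  return "'%" + escapeLiteral(val) + "%'"; // '%'en'%'
}

// The wildcards belong inside the value that gets quoted.
function likePattern(val) {
  return escapeLiteral('%' + val + '%'); // '%en%'
}

// A column name cannot be a placeholder, so only a fixed list is accepted.
// 'request' and 'contact' come from the post; the other two are assumed names.
const HUMAN_COLUMNS = new Set(['request', 'first_name', 'last_name', 'contact']);

function humanSearch(criteria, val) {
  if (!HUMAN_COLUMNS.has(criteria)) {
    throw new Error('unknown search column: ' + criteria);
  }
  return {
    sql: 'select * from humans where `' + criteria + '` like ?',
    values: ['%' + val + '%'], // passed separately; the driver quotes it
  };
}

// The language search joins in the database instead of the nested loop
// over all humans, and still orders by verbal as in the post.
function languageSearch(val) {
  return {
    sql: 'select h.* from humans h join languages l on l.request = h.request ' +
         'where l.language like ? order by l.verbal desc',
    values: ['%' + val + '%'],
  };
}
```

With the mysql module the result is used as `client.query(q.sql, q.values, callback)`, so the value is quoted by the driver and the column name never comes from the request unchecked.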