I am trying to convert this:
var query_string = 'SELECT protein_A, protein_B, PIPE_score, site1_A_start FROM ' + organism + PIPE_output_table +
' WHERE ' + score_type + ' > ' + cutoff['range'] + ' AND protein_A = "' + item + '" ' +
'UNION SELECT protein_A, protein_B, PIPE_score, site1_A_start FROM ' + organism + PIPE_output_table +
' WHERE ' + score_type + ' > ' + cutoff['range'] + ' AND protein_B = "' + item + '";';
db.each(query_string, function (err, row) {
...
To this:
var query_string = "SELECT protein_A, protein_B, PIPE_score, site1_A_start FROM $table WHERE $score_type > $score AND protein_A = '$protein'" +
" UNION SELECT protein_A, protein_B, PIPE_score, site1_A_start FROM $table WHERE $score_type > $score AND protein_A = '$protein'";
var placeholders = {
$table: organism + PIPE_output_table,
$score_type: score_type,
$score: cutoff['range'],
$protein: item
};
var stmt = db.prepare(query_string, placeholders, function(err) {
console.log(err);
stmt.each(function(err,row) {
...
})
}
but I keep getting this error:
Error: SQLITE_ERROR: near "$table": syntax error
But I am not sure what is syntactically wrong here since the format is as I have seen it in the API documentation. I have tried '?', '#', and ':' before each variables but none seem to be recognized.
What's wrong in my code?
Bind parameters only work for values in the WHERE clause. Table and column names (collectively called "identifiers") won't work.
"SELECT foo FROM bar WHERE this = $that" # OK
"SELECT foo FROM bar WHERE $this = 'that'" # Not OK
Normally you'd work around this by escaping and quoting identifiers and inserting them into the query. A good database library has a method call for this...
var this = db.quote_literal(input_column);
'SELECT foo FROM bar WHERE ' + this + ' = ?'
Unfortunately, node-sqlite3 doesn't appear to have one. :(
SQLite does provide a quoting function, the %w operator, but node-sqlite3 doesn't appear to make it available.
You'll have to write your own. Follow the instructions from this answer in Python and convert them to Javascript.
Ensure the string can be encoded as UTF-8.
Ensure the string does not include any NUL characters.
Replace all " with "".
Wrap the entire thing in double quotes.
I'm not very good with Javascript, so I'll leave you to code that.
Related
i have a select query to a local database and for some reason the following error shows up:
ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'FROM site WHERE name = OCC AND date_start = 2018-07-30 08:00:00 AND date_end = '' at line 1
here's my query:
connection.query("SELECT *, FROM shop WHERE name = " + shop_name + " AND date_start = " + myDate + " AND date_end = " + myDate2, function (err, result)
{
if (err)
{
console.log("Error Is:" + err);
}
else
{
console.log('DATA EXISTING IS =' + JSON.stringify(result));
}
});
am i missing something?
The usual mantra: use parameterized queries. They will prevent SQL injections and make your service more secure. Furthermore they will take care of the usual pitfalls when building a query using string concatenation.
Let's have a look at your query
"SELECT *, FROM shop WHERE name = " + shop_name + " AND date_start = " + myDate + " AND date_end = " + myDate2
Which spells out to something like
SELECT *, FROM shop WHERE name = myshop AND date_start = 2018-07-30 AND date_end = 2018-08-10
There are at least 3 errors
The , behind the SELECT * this is also the one the error tells you about. I suppose you had a column list and replaced it with *
The shop name column is most certainly some char column. So you have to enclose your values with quotes
Also the dates must be used with quotes, so the SQL engine will parse it to a date and do the comparison. For some SQL engines there is also a special annotation for dates. Have a look in the documentation.
This query should work
"SELECT * FROM shop WHERE name = '" + shop_name + "' AND date_start = '" + myDate + "' AND date_end = '" + myDate2 +"'"
depending on what myDate and myDate2 are.
At least problems 2 and 3 would not happen if you use parameterized queries. Consult the documentation of the library you are using.
I want to retrieve data from an object, and I need to make several iterations. I have another object inside the first.
Here is what I try to do
for (var site in dataArray) {
var itemList = site + ' - ' + dataArray[site].username + ' - ' + dataArray[site].followers + '<div class="detail"></div>' + '<br>';
$('.test').append(itemList);
for (var key in dataArray[site].details) {
var itemDetail = ' - ' + key + ' ' + dataArray[site].details[key];
$('.detail').append(itemDetail);
}
}
But when I did this code, the first element append, receive all the key/value from the others details objects. I only want to display the details object related with his site parent site object.
Here is a fiddle : http://jsfiddle.net/JeremDsgn/7EX6M/
Thanks!
That's because your selector $('.detail') selects all elements with class detail.
Try using the DOM instead of strings. I give you this as a personal advice. I used to append HTML via strings just like you're doing it now. Since I started using DOM objects as they are actually meant to be used, the javascript language became times more pleasant to work with.
for (var site in dataArray) {
var itemList = site + ' - ' + dataArray[site].username + ' - ' + dataArray[site].followers;
var details = document.createElement('div');
details.className = 'detail';
for (var key in dataArray[site].details) {
var itemDetail = ' - ' + key + ' ' + dataArray[site].details[key];
$(details).append(itemDetail);
}
$('.test').append(itemList).append(details);
}
First of all, let me apologize for the title, as it isn't so explanatory, but I could not say it in another way.
The deal is: I am doing a javascript application, in which I have an object called "ocorrencia", which was defined like this:
var ocorrencia = new Object();
that object has several children, being filled by a method:
ocorrencia.idOcorrencia = ""+ year + month + day + hour + minute + second + milisec;
idOcorrencia is the one I am having problems with, because I am running a DataBase insert with this value, and I use it 2 times in the same insert, like:
var sql = 'INSERT INTO OCORRENCIAS (id, ocorrencia, data, resolucao, urgencia, foto) VALUES (' + ocorrencia.idOcorrencia + ', "' + ocorrencia.descricao + '", "' + ocorrencia.data + '", "' + ocorrencia.resolucao + '", "' + ocorrencia.grauUrg + '", "' + ocorrencia.idOcorrencia + '.jpg"' +')';
The insert runs great, an I have all the data inserted in the DB, BUT "id" and "foto" (which were supposed to get equal values) are giving me different values by 2 or 3 miliseconds.
How can this happen, as I am not changing "ocorrencia.idOcorrencia" ?
This is beeing tested in an Android device.
EDIT: Tested on Windows browser and the problem doesn't appear to happen.
Thank you
I guess you fill idOcorrencia on runtime? So the lag is producing this difference.
Try using a hash for the id or set it before running the SQL-query.
I am trying to call a custom Html helper method that I have written from a javascript function that is used by jqGrid to return formatted text, in this case a link, for a cell:
function formatGroupPlanEditLink(cellValue, options, rowObject) {
//var cellHtml = "<a href='/Insurance/GroupPlanEdit/?id=" + rowObject[0] + "'>" + rowObject[1] + "</a>";
var functionArgs = rowObject[1] + ',Url.Action("GroupPlan", "Insurance", new { id = ' + rowObject[0] + ' }),String.Format("Edit {0}", ' + rowObject[1] + '), listId,Url.Action("GroupPlanList", "Insurance"),false';
var cellHtml = '#Html.DialogFormLink(' + functionArgs + ')';
return cellHtml;
}
The problem that I have is that I cannot concatenate the entire string before the helper is executed. So the browser is trying to execute "#Html.DialogFormLink(" - which of course causes an error. I guess there must be a better way to go about this. I really want to still be able to use the Html helper method as I use it elsewhere, and it works nicely for my requirements.
I'm not that familiar with Razor, but the quotes around the #Html helper look suspicious.
var cellHtml = '#Html.DialogFormLink(' + functionArgs + ')';
The browser doesn't execute #Html.DialogFormLink; the server evaluates it. I suspect the server is injecting the literal '#Html.DialogFormLink' into your js.
Essentially what I'm trying to do is fairly simple....pass more than one parameter (4 total eventually) into a javascript function from my ASP.NET code behind.
What I've tried to do is this in the ASCX file...
function ToggleReportOptions(filenameText, buttonText) { /*stuff happens here*/ }
and this in the ASCX.cs file...
string testing123 = "testStringOne";
string testing124 = "testStringTwo";
optReportOptionsRunRealTime.Attributes["onClick"] = "ToggleReportOptions('" + testing123 + ", " + testing124 + "')";
optReportOptionsOffline.Attributes["onClick"] = "ToggleReportOptions('" + testing123 + ", " + testing124 + "')";
but this doesn't seem to work as in my output the first variable contains "testStringOne, testStringTwo" and the 2nd variable is "undefined"
Any help on clearing up my probably stupid issue here would be great (i'm very inexperienced with javascript, more of a .NET developer)
You've missed out a few single-quotes, meaning that you're passing a single string containing a comma rather than two separate strings. That is, you're passing 'testStringOne, testStringTwo' rather than 'testStringOne' and 'testStringTwo'.
Try this instead:
optReportOptionsRunRealTime.Attributes["onClick"] =
"ToggleReportOptions('" + testing123 + "', '" + testing124 + "')";
optReportOptionsOffline.Attributes["onClick"] =
"ToggleReportOptions('" + testing123 + "', '" + testing124 + "')";