Skip to content
Advertisement

One value for multiple placeholders in nodejs-mysql

To allow users to login using thier username or email OR phonenumber, I’m using this query:

res.post('/api/userlogin', function(req, res){
    connection.query(
        'SELECT * FROM users WHERE username=? OR email=? OR phonenumber=? AND password=?', 
        [req.body.loginfield, req.body.loginfield,req.body.loginfield, req.body.password], 
        function(){  
        ...
        ...
        //res.send
    });
});

I beleive this is how mysql work, but I thought maybe there is a way to use only one value (req.body.loginfield) for multiple placeholder without typing it repeatedly.

I couldn’t find anything about it in the docs though.

Advertisement

Answer

You can use the IN operator:

SELECT * 
FROM users 
WHERE ? IN (username, email, phonenumber) AND password = ?

Side note: your original query has a prescendence issue, which makes it quite unsafe. As it is, this will authorize users that login using their username or email without checking their password, since this:

username=? OR email=? OR phonenumber=? AND password=?

Is syntaxically equivalent to:

(username=? OR email=?) OR (phonenumber=? AND password=?)

This is because logical operator OR has lower prescedence than AND. You would need to surround the ORed conditions with parenthesis, as follows:

(username=? OR email=? OR phonenumber=?) AND password=?)
User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement