I have a js file to work with my local database, and a POST request is not working like it should – if I enter a specific row, it returns a correct result, but I need it to get the variable from post data. This type of entering query doesn’t work 🙁
x
app.post("/search", (req, res, next) => { var post_data = req.body; // get post body var course_search = post_data.search; // get field 'search' from post data //var query = 'SELECT * FROM courses WHERE title LIKE "%Java%"'; var query = 'SELECT * FROM courses WHERE title LIKE "%' + course_search + '%"'; con.query(query, function (error, result, fields) { con.on('error', function (err) { console.log('[MYSQL]ERROR', err) }); if (result && result.length) { res.end(JSON.stringify(result)); } else { res.end(JSON.stringify('There is nothing to show on your request')); } });});Advertisement
Answer
You can try to use the “Prepared Statements”. As an example using your code:
app.post("/search", (req, res, next) => {var post_data = req.body; // get post bodyvar course_search = post_data.search; // get field 'search' from post data//var query = 'SELECT * FROM courses WHERE title LIKE "%Java%"';var query = 'SELECT * FROM courses WHERE title LIKE "%?%"';con.query(query, [course_search], function (error, result, fields) { con.on('error', function (err) { console.log('[MYSQL]ERROR', err) }); if (result && result.length) { res.end(JSON.stringify(result)); } else { res.end(JSON.stringify('There is nothing to show on your request')); } });});