How to use the sqlstring.format function in sqlstring
To help you get started, we’ve selected a few sqlstring examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
LinkedIMDb / LinkedIMDb / Application / server / controllers / authController.js View on Github 
authController.createUser = (req, res, next) => {
// Hash password using the salt;
const hashedPassword = bcrypt.hashSync(req.body.password, SALT_WORK_FACTOR);
db.query(
sqlstring.format(
'INSERT INTO user (username, email, password, firstname, lastname) VALUES (?,?,?,?,?)', [req.body.username, req.body.email, hashedPassword, req.body.firstname, req.body.lastname]),
(err, results, fields) => {
if (err) return res.status(400).send(err);
else {
const user_id = results.insertId;
console.log(user_id);
const token = jwt.sign(user_id, jwtSecret);
res.locals.jwt = token;
return next();
}
}
);
}format(sql, values) {
if (typeof this.config.queryFormat === 'function') {
return this.config.queryFormat.call(
this,
sql,
values,
this.config.timezone
);
}
const opts = {
sql: sql,
values: values
};
this._resolveNamedPlaceholders(opts);
return SqlString.format(
opts.sql,
opts.values,
this.config.stringifyObjects,
this.config.timezone
);
}toSqlString() {
const { sql, values } = this.format()
return SqlString.format(sql, values)
}historyController.savePath = (req, res, next) => {
db.query(
sqlstring.format(
'INSERT INTO history (user_id, path) VALUES (?,?)', [res.locals.user_id, JSON.stringify(req.body)]),
(err, results, fields) => {
if (err) return res.status(400).send(err);
else {
const path_id = results.insertId;
res.locals.path_id = path_id;
return next();
}
}
);
}historyController.checkForPath = (req, res, next) => {
db.query(
sqlstring.format(
'SELECT path_id FROM history WHERE path = ? AND user_id = ?', [JSON.stringify(req.body), res.locals.user_id]),
(err, results, fields) => {
if (err) return res.status(400).send(err);
else {
if (results.length) {return res.status(400).json({error: 'path already in db'})}
return next();
}
}
);
}dbName: string,
tableName?: string
): Promise {
let sql = `
SELECT
TABLE_NAME, TABLE_TYPE, CREATE_TIME, TABLE_COLLATION, TABLE_COMMENT
FROM
INFORMATION_SCHEMA.TABLES
WHERE UPPER(TABLE_SCHEMA) = ?
`
let params = [dbName.toUpperCase()]
if ((tableName?.length ?? 0) > 0) {
sql += ` AND UPPER(TABLE_NAME) = ?`
params.push(tableName!.toUpperCase())
}
const data = await evalSqlObj(SqlString.format(sql, params))
return {
tables: data.map((row) => ({
name: row.TABLE_NAME,
type: row.TABLE_TYPE,
createTime: row.CREATE_TIME,
collation: row.TABLE_COLLATION,
comment: row.TABLE_COMMENT,
})),
}
}authController.getUserData = (req, res, next) => {
db.query(
sqlstring.format(
'SELECT firstname, lastname, username, user_id FROM user WHERE user_id = ?', [res.locals.user_id]
),
(err, results, fields) => {
if (err) return res.status(500).send(err);
return res.send(results[0]);
}
);
}sqlstring
Simple SQL escape and format for MySQL
