Updated: 2023-02-05 21:19:20
Yes, we should use prepared statements for that and ? as placeholders. In order to make it work, we should pass parameters as a separate argument:
const query = 'SELECT * FROM products WHERE id = ?';
const params = [req.params.id]; // Express route parameter; the driver escapes it, never the caller
connection.query(query, params, function (error, results, fields) {
  if (error) {
    return next(error); // hand the driver error to Express error handling
  }
  res.json(results);
});
Another form:
connection.query(
  {
    sql: 'SELECT * FROM products WHERE id = ?',
    values: [req.params.id] // same placeholder binding, passed as an options object
  },
  function (error, results, fields) {
    if (error) {
      return next(error);
    }
    res.json(results);
  }
);
See documentation for more examples.
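As an added example, not part of the original answer or of the mysql driver's own code: a minimal stand-in for what the driver does with the separate values argument (escape each value, then substitute it for its ?), placed beside the string-concatenation pattern it replaces. The helper names escapeValue, formatQuery and unsafeQuery are hypothetical; the real driver covers more value types and should be used in production.

```javascript
// Escape one JavaScript value into a SQL literal. Strings get the
// backslash escaping MySQL expects; numbers, booleans and NULL stay unquoted;
// arrays expand to a comma-separated list (useful for IN (?)).
function escapeValue(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  if (typeof value === 'boolean') return value ? 'true' : 'false';
  if (Array.isArray(value)) return value.map(escapeValue).join(', ');
  const escaped = String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, (c) => {
    switch (c) {
      case '\0': return '\\0';
      case '\b': return '\\b';
      case '\t': return '\\t';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\x1a': return '\\Z';
      default: return '\\' + c; // quotes and backslash
    }
  });
  return `'${escaped}'`;
}

// Replace each ? with the escaped value at the same position. The count
// check is this helper's own choice (the driver leaves surplus ? untouched):
// a missing parameter fails loudly instead of shipping a malformed query.
function formatQuery(sql, values) {
  const parts = sql.split('?');
  if (parts.length - 1 !== values.length) {
    throw new Error(`expected ${parts.length - 1} values, got ${values.length}`);
  }
  let out = parts[0];
  for (let i = 1; i < parts.length; i++) {
    out += escapeValue(values[i - 1]) + parts[i];
  }
  return out;
}

// The pattern the answer replaces: pasting the request value into the SQL
// text. Even an ordinary apostrophe now changes the statement's structure.
function unsafeQuery(id) {
  return "SELECT * FROM products WHERE id = '" + id + "'";
}

// Constructed sample input: a legitimate value containing a quote.
const userInput = "O'Reilly";
console.log(unsafeQuery(userInput)); // broken statement
console.log(formatQuery('SELECT * FROM products WHERE name = ?', [userInput])); // intact
```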