时间戳

首页 > 解决方案 > Nodejs 和 SQL - 使用多个选择语句将数据插入 SQL 的问题

mysql - Nodejs 和 SQL - 使用多个选择语句将数据插入 SQL 的问题

问题描述

错误图像
在使用多个选择语句在 SQL 数据库表 user_recipe_consumption 中插入数据时,我遇到了错误,因为 - throw err; // 重新抛出非 MySQL 错误 ^ Error: ER_PARSE_ERROR: You have an error in your SQL syntax; 检查与您的 MySQL 服务器版本相对应的手册,以获取在“蘑菇面食”附近使用的正确语法);' , '( 从第 1 行的 RecipeEmissions where RecipeName' 中选择 vegEmission

for (var dataVal = 0; dataVal < req.body.length; dataVal++) {
    var recipeInfo = req.body[dataVal].RecipeName;
    var deviceID = req.body[dataVal].deviceID;
    var totEmission = req.body[dataVal].totalEmission;
    var sql = "INSERT INTO user_recipe_consumption (deviceID, totalEmission, recipeID , vegEmission,date_of_entry) VALUES ('" + deviceID + "','" + totEmission + "', '( select RecipeID, from RecipeEmissions where RecipeName = ?);' , '( select vegEmission from RecipeEmissions where RecipeName = ? );' ,'" + now + "')";              
    con.query(sql, recipeInfo, function(err, result) {
            if (err) throw err;
            console.log("Number of records inserted: " + result.affectedRows);
        });
    }

标签: mysqlsqlnode.js

解决方案

您应该使用完全基于参数绑定的查询(例如:命名参数),而不是使用 var 连接的 SQL(以及与数据类型和 SQL 注入相关的问题)。您还应该使用插入选择语法而不是同一个表中的多个选择

"INSERT INTO user_recipe_consumption (deviceID, totalEmission, recipeID , vegEmission,date_of_entry) 
SELECT :deviceID, :totEmissino,  RecipeID, vegEmission, :date_of_entry 
FROM RecipeEmissions 
where RecipeName = :RecipeName;"

例如:

connection.execute(
    "INSERT INTO user_recipe_consumption (deviceID, totalEmission, recipeID , vegEmission,date_of_entry) 
    SELECT :deviceID, :totEmission ,  RecipeID, vegEmission, :date_of_entry 
    FROM RecipeEmissions 
    WHERE RecipeName = :RecipeName;",
    {deviceID: deviceID, totEmission: totEmission, date_of_entry:date_of_entry,RecipeName:RecipeName},
function(err, result)
.......

推荐阅读