Man*_*anu 5 javascript sql postgresql sequelize.js
我想使用 Sequelize 进行原始查询并使用替换来避免 sql 注入:
var sequelize = require('sequelize');
sequelize.query("SELECT * FROM table where name =:name ORDER BY :age:direction",
{replacements:{name:"test", age:"age", direction:"desc"}, type: sequelize.QueryTypes.SELECT })
这将转换为以下查询
SELECT *
FROM table
WHERE name = 'test'
ORDER BY 'age' 'desc'
由于按列排序有单引号,方向也有单引号,postgres 抛出错误
谁能建议我如何通过替换就位来解决这个问题?
作为解决方法,我分别创建了查询和排序顺序,然后按如下方式连接它们:
const query= `SELECT * FROM table where name =:name ORDER BY :age`;
let sortOrder = `DESC`
sequelize.query(`${query} ${sortOrder}`, {replacements:{name:"test", age:"age"}, type: sequelize.QueryTypes.SELECT })
在那里只是为了玩sortORder
| 归档时间: |
|
| 查看次数: |
3387 次 |
| 最近记录: |