nlr_p nlr_p - 2 months ago 9
MySQL Question

POST call is not working in Node.js

I am trying to perform a POST call in Node.js. I am testing it through post, but I am not able to retrieve data.
My Node code:

exports.login = function (req, res) {
    console.log("Params:" + req.body.email);
    //console.log('email:'+params.email);
    connection.query('SELECT * FROM profile where email =' + req.body.email, function (error, result, rows, fields) {
        if (!!error) {
            console.log(error);
            console.log('fail');
        } else {
            console.log(result);
            res.send(result);
        }
        // }
    });
};


My routes:

router.post('/login',cors(), admin.login);


I am getting fail, and my error is:

{ [Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1]


My input through Postman:

{"email":"s@gmail.com"}

Answer

Don't build the query string directly; this leaves you open to injection attacks and also chokes on certain characters, as you are experiencing here. Use a placeholder like so:

var query = "select * from profile where email = ?";

connection.query(query, [req.body.email], function(error,result,rows,fields) {
...
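
Added example (not part of the original question or answer): it renders the SQL text produced by the question's concatenation and by a `?` placeholder for a few constructed inputs, so the parse error and the fix are both visible. `escapeString`, `format` and `validateEmail` are hypothetical, simplified stand-ins for client-side placeholder escaping; in real code pass the values array to `connection.query` as the answer shows.

```javascript
// Simplified stand-in (assumption): quote a value as a MySQL string literal.
function escapeString(value) {
  const map = { '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
                '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\' };
  return "'" + value.replace(/[\0\b\t\n\r\x1a"'\\]/g, (c) => map[c]) + "'";
}

// Replace each '?' with the escaped value at the same position.
function format(sql, values) {
  let i = 0;
  return sql.replace(/\?/g, (m) => (i < values.length ? escapeString(values[i++]) : m));
}

// JSON bodies can carry arrays or objects; accept only a plain string here.
function validateEmail(input) {
  if (typeof input !== 'string' || input.length === 0 || input.length > 254) {
    throw new TypeError('email must be a non-empty string');
  }
  return input;
}

// The question's approach: the value is pasted into the statement unquoted.
function concatenated(email) {
  return 'SELECT * FROM profile where email =' + email;
}

// The answer's approach: the value is bound to a placeholder.
function parameterized(email) {
  return format('select * from profile where email = ?', [validateEmail(email)]);
}

// Constructed sample inputs.
const samples = ['s@gmail.com', "o'brien@example.com", "x' OR '1'='1"];
for (const s of samples) {
  console.log('concat:', concatenated(s));   // unquoted text the server must parse as SQL
  console.log('param :', parameterized(s));  // always a single quoted string literal
}
```

The first sample reproduces the statement behind the `ER_PARSE_ERROR` above: `s@gmail.com` arrives unquoted, so the server reads it as SQL syntax rather than as data.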