0

https://github.com/mysqljs/mysql#introduction

mysqljs is pretty inconsistent with escaping values, or I am not understanding the docs.

Error:

this.table = 'elections';
mysql.query('SELECT * FROM ? where name = ?', [this.table, this.votesTable]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax error: 'SELECT * FROM \'elections\' where name = \'prim1000\''

But this works: 

`mysql.query('UPDATE elections SET updated_at = ? WHERE name = ?', [this.getTimeStamp(), this.votesTable])

But if I remove "elections" in the query above and put "?" instead it will throw an error. So the following won't work. 

mysql.query('UPDATE ? SET updated_at = ? WHERE name = ?', [this.table, this.getTimeStamp(), this.votesTable])
Improve this question
1
  • What is the question? :-) Commented Feb 27, 2018 at 22:17

1 Answer 1

Reset to default
1

Referring to the documentation page you linked to, under the section "Escaping query identifiers", you should be able to do this:

mysql.query('SELECT * FROM ?? where name = ?', [this.table, this.votesTable]

Most SQL frameworks do not allow parameters to be used for anything besides individual values. I.e. not table identifies, column identifiers, lists of values, or SQL keywords. The mysqljs library is uncommon in that it has support for quoting identifiers and key/value pairs.

Re your comment:

The ?? placeholder is for identifiers. Identifiers must be quoted differently from values. In MySQL, a string value is quoted like 'string' but an identifier is quoted with back-ticks.

SELECT * FROM `mytable` where name = 'myname'

The mysqljs class uses the ?? as a special placeholder for an identifier, so you can tell the class it must be quoted with back-ticks.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This works but I am not sure what's the difference between ?? and ?.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.