I wrote an SQL query in Node.js like this:

router.get('/bookingAppointment', function (req, res, next) {
    var specialty = req.query.specialty;
    var doctor = req.query.doctor;
    var date = req.query.date;
    var newdate = date.split('/').reverse().join('-');
    var stm = "SELECT numericalOrder, date"
        + "FROM appointment "
        + "WHERE specialty = '" + specialty + "' AND doctor = '" + doctor 
        + "' AND date ='" + newdate + "' AND status = 0 "
        + "ORDER BY numericalOrder asc "
        + "LIMIT 1";
    con.query(stm, function (err, results) {
        if (err) throw err;
        res.send(JSON.stringify({ "status": 200, "error": null, "response": results }));
    });
});

But I get the following SQL syntax error:

ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE specialty = 'KNTK' AND doctor = 'Nguyễn Văn A' AND date ='2018-7-15' AN' at line 1

Does anyone know why my query breaks?

  • You should look into using statements. Commented Jul 15, 2018 at 4:32
  • I don't understand Commented Jul 15, 2018 at 4:33
  • You should avoid constructing SQL queries using string concatenation because it makes your code vulnerable to SQL injection attacks. Commented Jul 15, 2018 at 4:48
  • I understand. I will find information about statements Commented Jul 15, 2018 at 8:15

1 Answer

Check your SQL; you will find that you have no space between date and FROM.

var stm = "SELECT numericalOrder, date " //need to add a space here
    + "FROM appointment "
    + "WHERE specialty = '" + specialty + "' AND doctor = '" + doctor 
    + "' AND date ='" + newdate + "' AND status = 0 "
    + "ORDER BY numericalOrder asc "
    + "LIMIT 1";
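
The parameterized form that the comments on the question point to, as an added example that is not part of the original question or answer. It assumes a mysql/mysql2-style `con.query(sql, values, callback)` with `?` placeholders; the helper names `toIsoDate`, `buildAppointmentQuery` and `bookingAppointment` are hypothetical.

```javascript
// Added example: parameterized version of the /bookingAppointment query.
// Assumes a mysql/mysql2-style `con.query(sql, values, callback)`.

// Convert "DD/MM/YYYY" to "YYYY-MM-DD"; return null for anything else.
function toIsoDate(input) {
  const m = /^(\d{1,2})\/(\d{1,2})\/(\d{4})$/.exec(typeof input === 'string' ? input : '');
  if (!m) return null;
  const [, d, mo, y] = m;
  if (+mo < 1 || +mo > 12 || +d < 1 || +d > 31) return null;
  return `${y}-${mo.padStart(2, '0')}-${d.padStart(2, '0')}`;
}

// The SQL text is a constant; user input never becomes part of it.
const APPOINTMENT_SQL =
  'SELECT numericalOrder, date ' +
  'FROM appointment ' +
  'WHERE specialty = ? AND doctor = ? AND date = ? AND status = 0 ' +
  'ORDER BY numericalOrder ASC ' +
  'LIMIT 1';

// Returns { sql, values } or null when a parameter is missing or malformed.
function buildAppointmentQuery(query) {
  const { specialty, doctor } = query;
  const date = toIsoDate(query.date);
  // req.query values may be arrays or objects (e.g. ?doctor[]=a); accept strings only.
  if (typeof specialty !== 'string' || typeof doctor !== 'string' || !date) return null;
  return { sql: APPOINTMENT_SQL, values: [specialty, doctor, date] };
}

// Hypothetical handler factory; `con` is the connection from the question.
function bookingAppointment(con) {
  return function (req, res, next) {
    const q = buildAppointmentQuery(req.query || {});
    if (!q) {
      return res.status(400).json({ status: 400, error: 'invalid parameters', response: null });
    }
    con.query(q.sql, q.values, function (err, results) {
      if (err) return next(err); // let Express handle it instead of throwing in a callback
      res.json({ status: 200, error: null, response: results });
    });
  };
}

// Usage: router.get('/bookingAppointment', bookingAppointment(con));
```

Because the values travel separately from the SQL text, a doctor name containing an apostrophe no longer changes the statement, and a missing `date` parameter produces a 400 response instead of an exception from `date.split`.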