1

Using mysql2 I am parsing a json response from an endpoint and inserting some of its values in a mysql database. What I now want to do is to log this response in a table of my database. The json I receive is in a variable called data and I properly access it's values like data.object.account_country and so on.

data is a valid json like this (trimmed for privacy):

{
    "object": {
      "id": "in_1IYxloLuHwfLSa62Zjqz5jX5",
      "object": "invoice",
      "account_country": "IT",
    }
}

Now I want to store the entire json in a log table in mysql so I created a json column in my table and I am trying to insert the json.

My query looks like this:

con1.query("INSERT INTO webhook_log SET tipo='"+eventType+"', risposta='"+data+"', created_on=now()",function(err,result){
                        if(err) throw err;
                        console.log(`🔔  Webhook logged`);
                    });

This throws the following error:

{ Error: Invalid JSON text: "Invalid value." at position 1 in value for column 'webhook_log.risposta'.

I also tried removing the single quotes around data but in this case I get:

{ Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[object Object], created_on=now()' at line 1

There is obviously something I am doing wrong here but I cannot spot the light on the error.

Improve this question
4
  • I'm not a node.js developer, but it sounds like you're trying to stick the object into your SQL string. You need to marshal the object into a JSON string first using JSON.stringify if I recall. Also please learn to use query parameters instead of using + string concatenation. You're creating an SQL injection vulnerability. Commented Apr 7, 2021 at 14:44
  • On the parametrized query issue, yes. It is the following step in the learning curve for node: I well know the point. On the json.stringify part will do a try. I thought that since the field type is JSON I could stick there directly the response. Commented Apr 7, 2021 at 14:47
  • 1
    The field type is JSON, but you're just concatenating a string at the point where the object is interpolated into your SQL query. It has no idea that string will be used for a query at all. Expressions don't know how they will be used. Commented Apr 7, 2021 at 14:49
  • 1
    got it. And by the way stringify works! Thanks @BillKarwin Commented Apr 7, 2021 at 14:50

1 Answer 1

Reset to default
2

Per the comments above, the answer is to use JSON.stringify to convert a Javascript object into a JSON string.

Also use SQL query parameters. Once you get the hang of it, it's actually easier than doing string-concatenation and getting eyestrain trying to balance all the quotes.

con1.query("INSERT INTO webhook_log SET tipo=?, riposta=?, created_on=now()",
  [eventType, JSON.stringify(data)],
  function(err,result){ if(err) throw err; console.log(🔔  Webhook logged); });
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.