How to create prepared statements in Sequelize?


Problem description


First, is it possible? I think it should be, as they're safer than raw queries and prevent SQL injection.

But there is literally nothing I can find in documentation.

sequelize.prepare <- doesn't exist

sequelize.query <- exists

Solution

Never mind, sequelize.query has an option called replacements that is escaped automatically.

replacements are escaped and inserted into the query by sequelize before the query is sent to the database

// :search_name is a named replacement; Sequelize escapes the value and
// splices it into the SQL text before the query is sent to the database.
sequelize.query('SELECT * FROM users WHERE name LIKE :search_name ',
  { replacements: { search_name: 'ben%' }, type: sequelize.QueryTypes.SELECT }
).then(projects => {
  console.log(projects)
})
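Added example, not from the question, the answer or the Sequelize project, extending the answer's LIKE search: it escapes LIKE wildcards in the user-supplied term, shows the `bind` form (`$name`) next to `replacements` (`:name`), and allow-lists the sort column because both options cover values only, never identifiers. Assumed names: `escapeLikePattern`, `buildPrefixSearch`, `orderClause`, `findUsersByPrefix`, and a configured `sequelize` instance supplied by the caller.

```javascript
// Added example (not part of the original answer). Assumes the caller
// passes in an already configured Sequelize instance.

// LIKE treats % and _ as wildcards. Prefix them (and the escape character
// itself) with "!" and declare ESCAPE '!' in the SQL so they match literally;
// "!" is used instead of a backslash to avoid dialect-specific backslash rules.
function escapeLikePattern(term) {
  return term.replace(/[!%_]/g, (ch) => `!${ch}`);
}

// Only the application appends the trailing % wildcard. The user's text goes
// in as a parameter value: `replacements` are escaped by Sequelize and spliced
// into the SQL text; `bind` values are sent separately from the text on
// dialects with server-side binding, the closest thing to a prepared statement.
function buildPrefixSearch(term, useBind = false) {
  const pattern = `${escapeLikePattern(term)}%`;
  if (useBind) {
    return {
      sql: "SELECT * FROM users WHERE name LIKE $search_name ESCAPE '!'",
      options: { bind: { search_name: pattern } },
    };
  }
  return {
    sql: "SELECT * FROM users WHERE name LIKE :search_name ESCAPE '!'",
    options: { replacements: { search_name: pattern } },
  };
}

// Neither replacements nor bind can parameterise identifiers such as a sort
// column, so those are checked against a fixed allow-list before being
// concatenated into the query text.
const SORTABLE_COLUMNS = new Set(["name", "created_at"]);
function orderClause(column) {
  if (!SORTABLE_COLUMNS.has(column)) {
    throw new Error(`unsupported sort column: ${column}`);
  }
  return ` ORDER BY ${column}`;
}

// Runs the search through sequelize.query, as in the answer above.
async function findUsersByPrefix(sequelize, term, sortBy = "name", useBind = false) {
  const { sql, options } = buildPrefixSearch(term, useBind);
  return sequelize.query(sql + orderClause(sortBy), {
    ...options,
    type: sequelize.QueryTypes.SELECT,
  });
}
```

With the term `50%`, the value sent is `50!%%`: the user's percent sign is matched literally and only the application-added wildcard remains a wildcard.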
