Example: filtering data with WHERE in MySQL with Node.js

 

Select With a Filter

When selecting records from a table, you can filter the selection by using the "WHERE" clause:

Example: Select record(s) with the address "Mountain 21"

 

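// Example script: connect to a local MySQL server and print every customer
// whose address is exactly 'Mountain 21'.
const mysql = require('mysql');

// Connection settings for a local tutorial database. The root account with an
// empty password is for a throwaway sandbox only; an application would use a
// dedicated low-privilege account and read the password from configuration.
const con = mysql.createConnection({
  host: "localhost",
  user: "root",
  password: "",
  database: "mydb"
});

con.connect(function (connectErr) {
  if (connectErr) throw connectErr;

  // The filter value is a fixed literal, so nothing needs escaping here.
  // A value that comes from a user must not be pasted into this string.
  const sql = "SELECT * FROM customers WHERE address = 'Mountain 21'";

  con.query(sql, function (queryErr, rows) {
    if (queryErr) throw queryErr;
    console.log(rows);
    // Close the connection; otherwise the open socket keeps the Node.js
    // process running after the result has been printed.
    con.end();
  });
});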

 

Run and result:

 

C:\Nodejs>node mysqlWhereData.js

[ RowDataPacket { name: 'name4', address: 'Mountain 21', id: 7 } ]

 

Wildcard Characters

You can also select records that start with, include, or end with a given letter or phrase.

Use the '%' wildcard to represent zero, one or multiple characters:

Example: Select records where the address starts with the letter 'S'

 

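// Example script: print every customer whose address begins with "S",
// using the LIKE operator and the '%' wildcard.
const mysql = require('mysql');

// Local tutorial settings only: root with an empty password should not be
// carried over to a shared or production database.
const con = mysql.createConnection({
  host: "localhost",
  user: "root",
  password: "",
  database: "mydb"
});

con.connect(function (connectErr) {
  if (connectErr) throw connectErr;

  // 'S%' matches any address that starts with S followed by zero or more
  // characters. The pattern is a fixed literal in this example. If part of a
  // LIKE pattern ever comes from a user, note that value escaping protects
  // the quotes but leaves '%' and '_' active as wildcards.
  const sql = "SELECT * FROM customers WHERE address LIKE 'S%'";

  con.query(sql, function (queryErr, rows) {
    if (queryErr) throw queryErr;
    console.log(rows);
    // Release the connection so the script can terminate.
    con.end();
  });
});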

 

Run and result:

 

C:\Nodejs>node mysqlWhereLikeData.js

[ RowDataPacket { name: 'name8', address: 'Sky st 331', id: 11 } ]

Escaping Query Values

When query values come from the user, you must escape them before they become part of the SQL statement.

This prevents SQL injection, a common attack in which crafted input changes the meaning of a query in order to read, alter, or destroy data in your database.

The MySQL module has methods to escape query values:

Example: Escape query values by using the mysql.escape() method

 

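// Example script: build a WHERE clause from a variable, escaping the value
// with mysql.escape() before it is concatenated into the statement.
const mysql = require('mysql');

// Sandbox credentials for the tutorial database; use a restricted account
// and a real password outside a local test setup.
const con = mysql.createConnection({
  host: "localhost",
  user: "root",
  password: "",
  database: "mydb"
});

con.connect(function (connectErr) {
  if (connectErr) throw connectErr;

  // Stands in for a value supplied by a user.
  const adr = 'Mountain 21';

  // mysql.escape() returns the value as a quoted, escaped SQL literal that is
  // safe to concatenate. Every user-supplied value needs this call; a single
  // unescaped concatenation brings the injection risk back.
  // Arrays and objects are expanded into lists or key = value pairs instead
  // of one literal, so confirm the input is a string when it originates from
  // parsed request data.
  const sql = 'SELECT * FROM customers WHERE address = ' + mysql.escape(adr);

  // Printed to show the escaped statement. The text includes the user's
  // value, so treat such output as potentially sensitive in real logs.
  console.log(sql);

  con.query(sql, function (queryErr, rows) {
    if (queryErr) throw queryErr;
    console.log(rows);
    // Close the connection so the process does not stay alive on the socket.
    con.end();
  });
});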

 

Run and result:

 

C:\Nodejs>node mysqlWhereUseEscape.js

SELECT * FROM customers WHERE address = 'Mountain 21'

[ RowDataPacket { name: 'name4', address: 'Mountain 21', id: 7 } ]

 

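You can also use a ? as a placeholder for each value you want to escape.

In this case, the values are passed as an array in the second parameter of the query() method. The mysql module escapes each value itself, using the same rules as mysql.escape(), before inserting it into the statement; this is not a server-side prepared statement.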

Code:

 

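// Example script: filter by address using a '?' placeholder so the driver
// escapes the value instead of the caller concatenating it.
const mysql = require('mysql');

// Tutorial-only connection settings (root, empty password, local server).
const con = mysql.createConnection({
  host: "localhost",
  user: "root",
  password: "",
  database: "mydb"
});

con.connect(function (connectErr) {
  if (connectErr) throw connectErr;

  // Stands in for a value supplied by a user.
  const adr = 'Mountain 21';

  // '?' marks where the value belongs; the statement text itself stays
  // constant and never contains user data.
  const sql = 'SELECT * FROM customers WHERE address = ?';

  // The array supplies one value per '?'. The module escapes the value and
  // substitutes it before the statement is sent.
  con.query(sql, [adr], function (queryErr, rows) {
    if (queryErr) throw queryErr;
    console.log(rows);
    // Done with the database: end the connection so the script exits.
    con.end();
  });
});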

 

Run and result:

 

C:\Nodejs>node mysqlWhereUseParamQuery.js

[ RowDataPacket { name: 'name4', address: 'Mountain 21', id: 7 } ]

 

If you have multiple placeholders, the array contains multiple values, in the same order as the placeholders.

Code:

 

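// Example script: filter on two columns with two '?' placeholders, passing
// the values as an array in placeholder order.
const mysql = require('mysql');

// Connection settings for the local tutorial database only.
const con = mysql.createConnection({
  host: "localhost",
  user: "root",
  password: "",
  database: "mydb"
});

con.connect(function (connectErr) {
  if (connectErr) throw connectErr;

  // Both values stand in for user-supplied input.
  const name = 'An';
  const adr = 'Mountain 21';

  // One '?' per value; the first array element fills the first '?', the
  // second element fills the second.
  const sql = 'SELECT * FROM customers WHERE name = ? OR address = ?';
  const values = [name, adr];

  // The module escapes each array element before substituting it, so the
  // values cannot change the structure of the statement.
  con.query(sql, values, function (queryErr, rows) {
    if (queryErr) throw queryErr;
    console.log(rows);
    // Close the connection; an open connection keeps the process running.
    con.end();
  });
});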

 

Run and result:

 

C:\Nodejs>node mysqlWhereUseParamQuery.js

[ RowDataPacket { name: 'name4', address: 'Mountain 21', id: 7 } ]