当您想在SQL中使用用户生成的内容时,可以通过参数来完成。例如,使用名称搜索用户,aminadav您应该执行以下操作:
var username = 'aminadav';
var querystring = 'SELECT name, email from users where name = ?';
connection.query(querystring, [username], function(err, rows, fields) {
if (err) throw err;
if (rows.length) {
rows.forEach(function(row) {
console.log(row.name, 'email address is', row.email);
});
} else {
console.log('There were no results.');
}
});