当您想在SQL中使用用户生成的内容时,可以通过参数来完成。例如,使用名称搜索用户,aminadav您应该执行以下操作:
var username = 'aminadav'; var querystring = 'SELECT name, email from users where name = ?'; connection.query(querystring, [username], function(err, rows, fields) { if (err) throw err; if (rows.length) { rows.forEach(function(row) { console.log(row.name, 'email address is', row.email); }); } else { console.log('There were no results.'); } });