File tree Expand file tree Collapse file tree 1 file changed +9
-14
lines changed Expand file tree Collapse file tree 1 file changed +9
-14
lines changed Original file line number Diff line number Diff line change @@ -20,29 +20,24 @@ async function queryDatabase() {
2020 try {
2121 const result = await input ( [ 'number' ] ) ;
2222 input_number = result . number
23- } catch ( err ) {
24- console . error ( err ) ;
25- }
2623
27- // 1. Naive way of passing the parameter to the query
28- //const select_query = `select * from students WHERE student_number = ${input_number};`
24+ // 1. Naive way of passing the parameter to the query
25+ //const select_query = `select * from students WHERE student_number = ${input_number};`
2926
30- // 2. Escaping the parameter ( replacing the unwanted characters)
31- //const select_query = `select * from students WHERE student_number =` + connection.escape(input_number);
32-
33- // 3. Using a question mark syntax to do the escaping (AKA prepared statements)
34- const select_query = `select * from students WHERE student_number = ?`
27+ // 2. Escaping the parameter ( replacing the unwanted characters)
28+ //const select_query = `select * from students WHERE student_number =` + connection.escape(input_number);
29+ // 3. Using a question mark syntax to do the escaping (AKA prepared statements)
30+ const select_query = `select * from students WHERE student_number = ?`
3531
36- connection . connect ( ) ;
37- try {
32+ connection . connect ( ) ;
3833 console . log ( select_query ) ;
3934 var results = await execQuery ( select_query , input_number ) ;
4035 } catch ( error ) {
4136 console . error ( error ) ;
4237 }
4338
44- for ( i in results ) {
45- console . log ( results [ i ] ) ;
39+ for ( r of results ) {
40+ console . log ( r ) ;
4641 }
4742 connection . end ( ) ;
4843}
You can’t perform that action at this time.
0 commit comments