
All Questions

0 votes
2 answers
96 views

How can I replace this obviously bad string interpolation with a prepared statement?

Apart from checking that the attributeId is in a list of predefined strings – possible, but in this particular case costly – is there any way to re-write this in a less 'injectable' fashion (since the ...
Dycey's user avatar
  • 4,715
1 vote
1 answer
76 views

Is this type of query safe from sql injection?

let tableName = req.body.tableName; let colName = req.body.col1+","+req.body.col2; sqlString = `INSERT INTO ${tableName}(${colName}) VALUES ($1,$2) RETURNING *`
Deepak's user avatar
  • 145
0 votes
1 answer
698 views

Does a dynamic prepared statement make sense?

I want to create dynamic prepared statements in which every part is dynamic: the values, the table and the WHERE part. I use nodejs + PostgreSQL and the pg module to talk to PostgreSQL. The pg ...
codebot's user avatar
  • 737
1 vote
2 answers
4k views

"SELECT * FROM $1" prepared statement errors to: error: syntax error at or near "$1"

Why does this error? const response = await pool.query(`SELECT * FROM $1`, [table]); The value of [table] is ["person"] in my test case. But it keeps erroring to: error: syntax error at or near "$1"...
AskYous's user avatar
  • 4,808
2 votes
0 answers
4k views

Node-postgres parameterized queries with array parameter

I'm trying to execute this PSQL query to call a function and get a list of ids back. [This function works when run in PGAdmin as it should, verified by the ids coming back.] SELECT get_dataids( '...
Kimberly's user avatar
1 vote
1 answer
2k views

PostgreSQL node.js prepared statements maximum bindings

I am trying to do some big bulk inserts to Postgres via node-postgres. When the bindings array exceeds 65536 values, it passes the rest of the values to Postgres, and when the query runs I get the ...
Kon's user avatar
  • 523
0 votes
2 answers
1k views

prepared statements node-postgresql error with null result

I am new to node.js and PostgreSQL. I am already connected to the Postgres db and have executed some test code. After that, I am going to use prepared statements. I created a sample login script. If the user exists it ...
Abdul Manaf's user avatar
  • 5,013
24 votes
4 answers
28k views

Node-postgres: named parameters query (nodejs)

I used to name my parameters in my SQL query when preparing it for practical reasons like in php with PDO. So can I use named parameters with node-postgres module? For now, I saw many examples and ...
AnomalySmith's user avatar
3 votes
2 answers
6k views

Why can't I delete from db using node-postgres?

Is there something special I need to do with a parameterized query? The following seems to succeed (I'm using a promise-ified client.query, see end), console.log('cancel for', data); var ...
Michael's user avatar
  • 2,993