REMINDER

Please be respectful of all AppDragers! Keep it really civil so that we can make the AppDrag community of builders as embracing, positive and inspiring as possible.

Parametrized SQL queries are now supported in appdrag-cloudbackend



  • Hey dear community,

    We have updated our appdrag-cloudbackend NPM package to allow parametrized SQL queries.

    If you want to compose the SQL query by yourself with input parameters you must escape the user inputs to avoid SQL injection with cloudbackend.escape() like this:

    cloudbackend.sqlSelect("SELECT * FROM Products WHERE category = '" + cloudbackend.escape( event.POST.category ) + "'")
    .then( function(response) {
    	console.log(response);
    });
    

    But there is now a better way with parametrized queries, You can use ? characters as placeholders for values you would like to have escaped. Multiple placeholders are mapped to values in the same order as passed.

    cloudbackend.sqlSelect('SELECT * FROM Products WHERE category = ? and id > ?', ["Software", 500])
    .then( function(response) {
    	console.log(response);
    });
    

    You can check the full documentation on NPM:
    https://www.npmjs.com/package/appdrag-cloudbackend


Log in to reply