0

I've done some research and I'm getting conflicting answers, so here it goes. Do you have to pass JS variables into PHP first or can you insert them directly into a MySQL table? I have this running in node.js, thanks!

var part = [];
var des = [];
var price = [];
var request = require('request');
var cheerio = require('cheerio');
var mysql = require('mysql');

var con = mysql.createConnection({
  host: "127.0.0.1",
  user: "root",
  password: "",
  database: "parts"
});

request('URL', function(error, response, body) {
    if (!error && response.statusCode == 200) {
        var $ = cheerio.load(body);
        getPartNumber();
        getDescription();
        getPrice();
        con.connect(function(err) {
        if (err) throw err;
        for (var i = 0; i<part.length; i++){
            var sql = "INSERT INTO data_9_17 (partNumber, description, price) VALUES (part[i], des[i], price[i])";
            con.query(sql, function (err, result) {
                if (err) throw err;
                console.log("1 record inserted, ID: " + result.insertId);
            });
        }
});

function getPartNumber() {
$("input[name = 'sku']").each(function() { part.push($(this).val()) });
}

function getDescription() {
$(".ellipsis_text").each(function() { des.push($(this).text()) });
}

function getPrice() {
$(".sellprice, .dbl").each(function() { price.push($(this).text()) });
}
}
});
Improve this question
2
  • If you are on Node, you can do it directly. Commented Sep 8, 2017 at 16:58
  • But not that way...remember that with node you have server side javascript... Commented Sep 8, 2017 at 16:58

3 Answers 3

Reset to default
3

your query string should go like this:

"INSERT INTO data_9_17 (partNumber, description, price) VALUES ('" + part[i] + "', '" + des[i] + "', '" + price[i] + "')";

You can concenate values by using +. Check this out.

Edit: I made a mistake. Didn't put ' in. Fixed now... Anyways, J Johnson is right. It's better to use Prepared Statements because of SQL Injection.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You can use prepared statement, like this:

var query = 'INSERT INTO data_9_17 (partNumber, description, price) VALUES (?, ?, ?)';

con.query(query, [part[i], des[i], price[i]], function(err, results) ... )

// You will put your variables inside []

If you want more information, refer to the mysql npm module:

https://www.npmjs.com/package/mysql#escaping-query-values

Improve this answer

2 Comments

I only intend to run this on my desktop, but I totally get what you are saying. Thanks, J Johnson!
No problem @GarrettPenfield :)
0

You need to concatenate your query string with the values of the variables:

var sql = "INSERT INTO data_9_17 (partNumber, description, price) VALUES (" + part[i] + ", " + des[i] + ", " + price[i] + ")";

For security reasons, I recommend you to use the prepared statement: 

var sql = mysql.format("INSERT INTO data_9_17 (partNumber, description, price) VALUES (?, ?, ?)", (part[i], des[i], price[i]));

con.query(sql, function (err, result) {
.....
.....
.....
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.