4

I'm new to Node.js and I've hit a roadblock I can't figure out. I'm trying to add an array to a SQL table using an INSERT INTO query. Following the example [here][1] I see that I add a question mark as a placeholder for my values array, and the code takes care of the rest - but that doesn't seem to be working.

Here's the code:

var temp = [1,3,2];
conn2string= "INSERT INTO " + process.env.DB_TABLE + '(`0`, `1`, `2`) VALUES ? ';

let query = connection.query(conn2string, temp, function (err, result) { // this will insert in to data base  //[vals2[0]]

And the resulting SQL connection string is:

'INSERT INTO test(`0`, `1`, `2`) VALUES 1 `

What I'm expecting Is:

'INSERT INTO test(`0`, `1`, `2`) VALUES (1, 3, 2); `

Any suggestions what I'm doing wrong?

Improve this question
3
  • I suggest you to use some kind of query-builder, like knexjs.org Commented Jan 12, 2021 at 10:52
  • Which database library are you using? mysql? Commented Jan 12, 2021 at 10:54
  • yes, i'm using mySQL Commented Jan 12, 2021 at 10:58

3 Answers 3

Reset to default
3

To do this with the mysql package, you need to wrap the temp variable inside an array. Remember to add the parentheses around the ? of the VALUES.

var temp = [1, 3, 2];
conn2string =
  "INSERT INTO " + process.env.DB_TABLE + "(`0`, `1`, `2`) VALUES (?) ";

let query = connection.query(conn2string, [temp], function (err, result) {
  
});

This is because the parameter after the SQL string expects an array whose elements match each ? or ?? in the SQL string. By passing the temp array directly, you're essentially telling it that the first ? is 1, the second ? is 3, the third ? is 2. However, when you wrap the temp array in another array, you're essentially telling it that the value of the first ? is the temp array, and it formats it accordingly.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Hey, great explanation - even I could understand it! That worked well too, so thanks for your help.
0

you can make a string value from array:

let query = connection.query(conn2string, '(' + temp.join(',') + ')', function (err, result) {

or, better, use full template:

var temp = [1,3,2];
conn2string= "INSERT INTO " + process.env.DB_TABLE + '(`0`, `1`, `2`) VALUES (?, ?, ?) ';

and to pass temp[0], temp[1], etc

or not to use a template:

conn2string= "INSERT INTO " + process.env.DB_TABLE + '(`0`, `1`, `2`) VALUES (' + temp[0] + ', ' + temp[1] + ', ' + temp[2] + ')';
Improve this answer

3 Comments

Thanks for the reply. I was hoping to be able to make the single question mark replaced with an array method work. The actual query I have is many many columns long, so embedding the data one way or another is not an option. Plan B is to build a query string, but the method of just using a single question mark was too simple to ignore.
Warning: you're exposing yourself to SQL injection attacks by building the query without escaping the values or using bound parameters or a parameterized query.
of course you should care about it. I just gave options with predefined number values
0

you can try embedded the data into sql string directly using this way:

conn2string= `INSERT INTO ${process.env.DB_TABLE} (`0`, `1`, `2`) VALUES (${temp.join(',')})`;

or I think you must insert n "?" like the numbert of element in array

Improve this answer

1 Comment

Warning: you're exposing yourself to SQL injection attacks by building the query without escaping the values or using bound parameters or a parameterized query.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.