I want to add single quotes in the below code ('')

let name=Response.name; 

//suppose in name i am getting name=Manav

now what i need to do is

con.query("Select * from accounts_master where name="(name)

i want Manav as 'Manav' in the above line i.e Select * from accounts_master where name='Manav'

Please help for the same


Solution 1:

Please use prepared statements instead of simple string concatenation or templates:

con.query('SELECT * FROM accounts_master WHERE name = ?', [name], (err, rows) => {
  console.log(rows);
})

Doing otherwise may leave you vulnerable to SQL injection attack, as Bobby Tables demonstrates.