I want to add single quotes in the below code ('')
let name=Response.name;
//suppose in name i am getting name=Manav
now what i need to do is
con.query("Select * from accounts_master where name="(name)
i want Manav as 'Manav' in the above line i.e Select * from accounts_master where name='Manav'
Please help for the same
Solution 1:
Please use prepared statements instead of simple string concatenation or templates:
con.query('SELECT * FROM accounts_master WHERE name = ?', [name], (err, rows) => {
console.log(rows);
})
Doing otherwise may leave you vulnerable to SQL injection attack, as Bobby Tables demonstrates.