I want to add single quotes in the below code ('')

javascript automation node.js sql database 
let name=Response.name;

//suppose in name i am getting name=Manav

now what i need to do is

con.query("Select * from accounts_master where name="(name)

i want Manav as 'Manav' in the above line i.e Select * from accounts_master where name='Manav'

Please help for the same


Solution 1:

Please use prepared statements instead of simple string concatenation or templates:

con.query('SELECT * FROM accounts_master WHERE name = ?', [name], (err, rows) => {
  console.log(rows);
})

Doing otherwise may leave you vulnerable to SQL injection attack, as Bobby Tables demonstrates.

Related

Firebase error: Function failed on loading user code (node.js)
htaccess config to block depending on browser agent
proftpd cannot upload (550 error)
Problems installing SQL Server 2008 SP2
Why is the total size of my files on Windows 7 more than total disk size?
Can I change the Logon type of a windows service through GPO
Which mail header does Outlook 2003+ use to indicate the confidentiality?
Apache stops responding to http requests -- https continues to work
StrongSwan connecting from Windows 10
How can I set the default permissions for files uploaded by apache2?
Centos does not open port/s after the rule/s are appended
AC Input for 48 Volt DC Powered Server