Is there a way to execute stored procedure using Nodejs mysql pool so that it is safe from sql injection?I have a stored procedure that I am calling like this: rows = await pool.query(`Call users_getInfoByNameAndHash('${name}','${hash}')`) rows = rows[0] However, if try to login with username `Dave's` then I want it to execute the query with that string but I get:> Error: ER\PARSE_ERROR: You have an error in your SQL syntax; check the)> manual that corresponds to your MySQL server version for the right> syntax to use near 'Dave'Here is my code for stored procedure: create procedure users_getInfoByNameAndHash ( IN name varchar(255), IN pass varchar(255) ) BEGIN Select * from users where userName = name and password = pass; END Edit2 :I have experience using MSSQL with Nodejs which allows us to do: let result = await rows.request() .input('userName', sql.VarChar(50), name) .input('password', sql.VarChar(70), hash) .execute('usp_web_verifyWebUser') I have not found anything like this for mysql.
Submitted June 12, 2020 at 06:19PM by sahilgreen
No comments:
Post a Comment