我正在做一个附带项目,遇到这个错误时遇到了一些死胡同。我已经确定它来自某个地方的nodepostgres包,但我认为我的查询没有本质上的错误!
这是我的代码:
router.post("/product/:id", async (req, res) => {
const id = req.params.id;
if (!id) throw new Error("ID not present");
if (!validateProductReviewForm(req.body))
throw new Error("Form not valid. Please fix and try again");
const { name, email, rating, comment } = req.body;
const date = new Date();
const sqlText = `INSERT INTO reviews ("name", email, rating, comment, date, productid) VALUES (${name}, ${email}, ${rating}, ${comment}, ${date}, ${id})`;
console.log(sqlText);
const { rows } = await query(sqlText);
res.send(rows);
});
这是我记录的查询:
INSERT INTO reviews ("name", email, rating, comment, date, productid) VALUES (Bill, jpfdhdl@live.com, 2, testing a review post, Tue Mar 30 2021 17:59:22 GMT+0100 (British Summer Time), 2)
任何帮助都将不胜感激。非常感谢
查询中缺少字符串和日期值的引号分隔符。但是,与其向sqlText变量添加必要的单引号,不如使用更好的技术并将值作为数组传递。
const sqlText = 'INSERT INTO reviews ("name", email, rating, comment, date, productid) VALUES ($1, $2, $3, $4, $5, $6)';
const values = [name, email, rating, comment, date, id];
const { rows } = await query(sqlText, values);