我想构建一个函数,为SQlite UPDATE构建一个准备好的语句查询我目前的方法是简单地构建一个字符串,并将此sql发送到数据库但只有在你根本不关心安全的情况下,你才能做到这一点;-(
我当前的功能:
const newBrandData = {name: "def"};
const brand = {id: 1, name: "abc", prop1: ""};
update(brand, newBrandData) {
const keyValues = [];
Object.keys(newBrandData).forEach(e => {
keyValues.push(`${e} = "${newBrandData[e]}"`)
});
const sql = `UPDATE ${this.table} SET ${keyValues.toString()} WHERE id = ?`;
const params = [brand.id];
return this.run(sql, params);
}
不确定我是否理解您的问题,但您可以通过在各处使用占位符来避免连接键值:
const keyValues = [];
const params = [];
Object.keys(newBrandData).forEach(e => {
keyValues.push(`${e} = ?`);
params.push(newBrandData[e]);
});
const sql = `UPDATE ${this.table} SET ${keyValues.toString()} WHERE id = ?`;
params.push(brand.id);
你肯定走在了正确的轨道上。你只需要改变两件事:
-
替换
keyValues.push(${e}="${newBrandData[e]}";)与keyValues.push(${e}=?)`。 -
用
const params = [...Object.values(newBrandData), brand.id];替换const params = [brand.id];
update(brand, newBrandData) {
const keyValues = [];
Object.keys(newBrandData).forEach(e => {
keyValues.push(`${e} = ?`)
});
const sql = `UPDATE ${this.table} SET ${keyValues.toString()} WHERE id = ?`;
const params = [...Object.values(newBrandData), brand.id];
return this.run(sql, params)
}