为了避免 SQL 注入,这里引入了 ? 占位符(参数化查询)。但是条件搜索的拼接麻烦死了,应该有专门做查询拼接的库,现在先手写了,好麻烦 😱 注意:? 只能绑定值,拼进 SQL 的片段(例如 and project=?)必须是代码里写死的常量,不能来自请求参数。
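// Base statement: prefix match on `name`. Every request value is handed to the
// driver as a bound parameter; only the constant fragments listed in the handler
// are ever appended to this text.
const presql = 'SELECT * FROM XXXXXXXXXXX where name LIKE ?';

/**
 * GET /queryXXXX - search by name prefix with optional exact-match filters.
 *
 * Query parameters: `name` (prefix), `project`, `engine`, `type`. For the three
 * optional filters the literal string "null" means "filter not set"; a missing
 * parameter is treated the same way.
 *
 * Responds with the driver's result on success, 400 when a parameter is not a
 * plain string, and 500 when the query fails.
 */
router.get('/queryXXXX', function (req, res, next) {
  const unset = 'null';
  const { name, project, engine, type } = req.query;

  // Placeholders only protect scalar values. The query-string parser can hand
  // back arrays or objects for a parameter, and depending on the driver such
  // values may be expanded into lists or key/value pairs when bound, changing
  // what the statement means. Accept plain strings only.
  // NOTE(review): confirm which driver `db` is and how it binds non-scalars.
  const supplied = [name, project, engine, type].filter(function (value) {
    return value !== undefined;
  });
  const allStrings = supplied.every(function (value) {
    return typeof value === 'string';
  });
  if (!allStrings) {
    res.sendStatus(400);
    return;
  }

  // A missing `name` becomes an empty prefix instead of the text "undefined".
  // NOTE(review): `%` and `_` inside `name` still act as LIKE wildcards; escape
  // them here if callers are supposed to get a literal prefix match.
  const templateSql = [(name === undefined ? '' : name) + '%'];
  let sql = presql;

  // Each optional filter is checked on its own. The original wrapped these in a
  // guard that tested name/engine/type but not project, so a request carrying
  // only a project filter had it ignored.
  const optionalFilters = [
    [' and project=?', project],
    [' and engine=?', engine],
    [' and type=?', type],
  ];
  for (const [fragment, value] of optionalFilters) {
    if (value !== undefined && value !== unset) {
      sql += fragment;
      templateSql.push(value);
    }
  }

  // Only the statement template is logged, never the bound values.
  console.log("=====getart " + sql);
  db.query(sql, templateSql, function (err, result) {
    if (err) {
      // Log the detail server-side and return a bare 500, so the driver's
      // error text is not sent to the client and a failure is not reported
      // as an empty 200 response.
      console.log('[SELECT ERROR]:', err.message);
      res.sendStatus(500);
      return;
    }
    res.send(result);
  });
});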