我正在尝试使用 Nodejs 更新我的 PostgresQL 数据库中的列:
res.rows.forEach((tmdbID) => {
(async () => {
const json = await fetchMovieData(tmdbID.tmdb_id);
const overview = json.overview.replace('\'', '\\\'');
console.log(overview);
pool.query(`UPDATE "Movie" SET overview = '${overview}' WHERE tmdb_id = ${json.id}`);
})();
});async function fetchMovieData(tmdbID) {
const response = await fetch(`https://api.themoviedb.org/3/movie/${tmdbID}?api_key=a8f7039633f2065942cd8a28d7cadad4&language=en-US`);
const data = response.json();
return data;
}我得到的错误:
(node:1412) UnhandledPromiseRejectionWarning: error: "s" 处或附近的语法错误
它发生在这个字符串上:
The Bride unwaveringly continues on her roaring rampage of revenge against the band of assassins who had tried to kill her and her unborn child. She visits each of her former associates one-by-one, checking off the victims on her Death List Five until there \'s nothing left to do … but kill Bill.
我试图逃避 ' 但它似乎没有工作。有小费吗?
回答1
不要尝试将所有内容都作为字符串传递,这就是 SQL 注入发生的方式。更好的方法是使用参数。
我不确定您使用的是哪个库,但语法应该与此类似:
pool.query('UPDATE "Movie" SET overview = ? WHERE tmdb_id = ?', [overview, json.id]);