1. 首页
  2. 问答
  3. SyntaxError:missing)参数列表后

SyntaxError:missing)参数列表后

2016-08-13 52 views
-1 
var records = ""; 
for(var i = 0; i < activity.length; i++) { 
sequelize.query("SELECT * from users WHERE city = '"+city+"'" AND categories LIKE CONCAT('%', activity[i], '%')"", { type: sequelize.QueryTypes.SELECT}) 
    .then(function(logs){ 
     records += logs; 
     matchCount += logs.length; 

    }); 
} 

console.log("--------------------------Priniting matched users-----------------------"); 
console.log(records); 

//INSERT DATA TO SQL 

sequelize.query("INSERT INTO users(name, lastname, email, phone, city, categories, createdAt, updatedAt) VALUES ('"+req.body.first_name+"', '"+req.body.last_name+"', '"+req.body.email+"', '"+req.body.tel+"', '"+req.body.city+"', , '"+JSON.stringify(activity)+"', 'test', 'test')");

来源

2016-08-13 Quique Garduño

+0

受害者再仔细看看循环中的'sequelize.query'调用。突出显示的语法对你来说看起来好吗?语法高亮的好编辑会帮助你。特别是如果编辑本身也有任何类型的错误检查。 –

+0

错字:''“+ city +”'“' – Tibrogargan

+3

我敢打赌,它给出了一个行号,冠军 –

回答

0

错误发生在带有粗体引号的select语句中。

var records = ""; 
for (var i = 0; i < activity.length; i++) { 
    sequelize.query("SELECT * from users WHERE city = '" + city + "'AND categories LIKE CONCAT('%', activity[i], '%')", { 
      type: sequelize.QueryTypes.SELECT 
     }).then(
     function(logs) { 
      records += logs; 
      matchCount += logs.length; 
     }); 
} 

console.log("--------------------------Priniting matched users-----------------------"); 
console.log(records); 

//INSERT DATA TO SQL 

sequelize.query("INSERT INTO users(name, lastname, email, phone, city, categories, createdAt, updatedAt) VALUES ('" + req.body.first_name + "', '" + req.body.last_name + "', '" + req.body.email + "', '" + req.body.tel + "', '" + req.body.city + "', , '" + JSON.stringify(activity) + "', 'test', 'test')");

来源

2016-08-13 09:00:16

1

你必须更加注重字符串引号,你的city收盘简单的报价和AND categories部分之间搞砸了。

它应该是这样的:

sequelize.query("SELECT * from users WHERE city = '"+city+"' AND categories LIKE CONCAT('%', activity[i], '%')", { type: sequelize.QueryTypes.SELECT})

此外,串联变量到SQL查询字符串时要小心,如果你不清理他们,你可能是一个SQL injection attack

来源

2016-08-13 09:00:52 martriay

相关问题

 相关问题