Node.js - The multi part could not be bound

Question

I have an error (node:1152) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 3): RequestError: The multi-part identifier "SC1.refb" could not be bound.

In console log show all select but it seems that comes to the last and gives the error.

My code:

return Promise.all(parts.map(function(part) {
          console.log("SELECT sc.scstamp, st.u_posic, st.fornec, st.fornecedor, sc.ref, sc.qtt, sc.design FROM sc INNER JOIN st  ON st.ref = sc.ref WHERE sc.refb = '"+kitRef+"' AND st.u_posic = '"+part.u_order+"'"+
          "UNION SELECT SC2.scstamp, st.u_posic, st.fornec, st.fornecedor, SC2.ref, SC2.qtt, SC2.design FROM sc AS SC1"+
          "INNER JOIN sc SC2 ON SC2.refb = SC1.ref INNER JOIN st  ON st.ref = SC2.ref WHERE SC1.refb = '"+kitRef+"' AND st.u_posic = '"+part.u_order+"'");
            return request.query("SELECT [sc].[scstamp], [st].[u_posic], [st].[fornec], [st].[fornecedor], [sc].[ref], [sc].[qtt], [sc].[design] FROM sc INNER JOIN st  ON st.ref = sc.ref WHERE sc.refb = '"+kitRef+"' AND st.u_posic = '"+part.u_order+"'"+
            "UNION SELECT [SC2].[scstamp], [st].[u_posic], [st].[fornec], [st].[fornecedor], [SC2].[ref], [SC2].[qtt], [SC2].[design] FROM sc AS SC1"+
            "INNER JOIN sc SC2 ON SC2.refb = SC1.ref INNER JOIN st  ON st.ref = SC2.ref WHERE SC1.refb = '"+kitRef+"' AND st.u_posic = '"+part.u_order+"'")
            .then(function(articles) {

                return {part:part, articles:articles};
            });
        }));

The query is ok because if i put it in sql works well.

Thank you

add a `.catch(function(e){ console.log(e) })` chained after the `.then` — stecb, Apr 10 '17 at 09:58
give me error on SC1.ref and SC1.refb . What is the problem? @stecb — user3242861, Apr 10 '17 at 10:01
@user3242861 you need to seriously consider the advice in the answer below about sql injection — poida, Apr 10 '17 at 11:49

score 2 · Answer 1 · edited Jun 20 '20 at 09:12

It seems that you have some whitespace messed up in the SQL but that is the least of your problems here.

First of all, always attach a rejection handler to every promise or otherwise your app will crash on errors. Example:

Bad:

f().then(function (articles) { ... });

Good:

f().then(function (articles) { ... }, function (error) { ... });

Also good:

f().then(function (articles) { ... }).catch(function (error) { ... });

See this answer to know why it's important:

Should I refrain from handling Promise rejection asynchronously?

Second of all, never concatenate strings with SQL or otherwise you will get SQL injection vulnerabilities. Example:

Bad, unsafe, error prone and hard to maintain:

connection.query(
  "SELECT * FROM player WHERE nick = '" + data.login + "' AND pass = '" + data.pass + "'",
  function (err, rows) {
    //...
  }
);

Good, safe, robust and easy to maintain:

connection.query(
  "SELECT * FROM player WHERE nick = ? AND pass = ?",
  [data.login, data.pass],
  function (err, rows) {
    // ...
  }
);

See those answers for more details:

Obligatory comic strip that demonstrates the problem:

Node.js - The multi part could not be bound

1 Answers1

Linked