
I have a problem escaping SQL when storing data in MySQL using Node.js. I build an HTML email in Node.js code, using single quotes like this:

var html = `<div class="column vertical-bottom" style="transition: .5s all; display: table-cell; width: 50%; font-family: inherit; vertical-align: bottom;">
                        <div class="social" style="font-family: 'Helvetica Neue', sans-serif; transition: .5s all; display: block; vertical-align: bottom;">
                            <div class="item-social" style="font-family: 'Helvetica Neue', sans-serif; transition: .5s all; box-sizing: border-box; float: right; display: inline-block; margin-left: 6px; width: 24px; height: 24px; margin-bottom: 10px;">
                                <a href="${msg.footer.social.ig}" style="font-family: 'Helvetica Neue', sans-serif; transition: .5s all; text-decoration: none;"><img src="instagram_img" class="icon-social" style="font-family: 'Helvetica Neue', sans-serif; transition: .5s all; width: 100%;">
                                </a>
                            </div>`;

I know, there's no string with the html variable; I've used (`) to build this HTML email, because I use single quotes for declaring the font name and double quotes for the CSS class.

And when I store the data in MySQL, I get an error, because there is a single quote in there.

Error:

ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Helvetica Neue', s

Query:

insert into tr_email_queue(recipient, subject, message, created_date, last_modify_date, modify_user_id, status) values ('${param.recipient}', '${param.subject}', '${param.message}', NOW(), NOW(), '${param.modify_user_id}', 'A')

The question is how to escape/replace this single quote with (\') like in the MySQL documentation on escaping strings.

Or maybe you have the right direction for building HTML email in Node.js? Please help, thanks.

Hallman

0 Answers
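The parse error in the question comes from the first single quote in the HTML closing the SQL string literal early. The following is an added example, not part of the original post: it reproduces where the literal ends and shows the same insert with `?` placeholders. The sample data and all function names are constructed, and the commented driver call assumes the `mysql` or `mysql2` package, which the post does not name.

```javascript
// Constructed sample: a fragment like the question's HTML e-mail.
const param = {
  recipient: 'user@example.com', subject: 'Welcome', modify_user_id: '42',
  message: `<div style="font-family: 'Helvetica Neue', sans-serif;">Hi</div>`,
};

// The question's query: values pasted straight into the SQL text.
function interpolated(p) {
  return `insert into tr_email_queue(recipient, subject, message, created_date, ` +
    `last_modify_date, modify_user_id, status) values ('${p.recipient}', ` +
    `'${p.subject}', '${p.message}', NOW(), NOW(), '${p.modify_user_id}', 'A')`;
}

// Read the quoted literal opening at sql[start] roughly as the MySQL lexer
// does (simplified): '' and \x stay inside the literal, a lone ' ends it.
function readLiteral(sql, start) {
  let text = '';
  for (let i = start + 1; i < sql.length; i++) {
    if (sql[i] === '\\') { text += sql[++i] ?? ''; continue; }
    if (sql[i] === "'" && sql[i + 1] === "'") { text += "'"; i++; continue; }
    if (sql[i] === "'") return { text, rest: sql.slice(i + 1) };
    text += sql[i];
  }
  return { text, rest: '' }; // literal never closed
}

// Where the server sees the message literal end, and what follows it.
function messageAsParsed(p) {
  const sql = interpolated(p);
  return readLiteral(sql, sql.indexOf("'<div"));
}

// Placeholder form: the SQL text is constant and the data travels separately,
// so quotes in the HTML (or in any user-supplied field) never reach the parser.
function parameterized(p) {
  return {
    sql: 'insert into tr_email_queue(recipient, subject, message, created_date, ' +
      'last_modify_date, modify_user_id, status) values (?, ?, ?, NOW(), NOW(), ?, ?)',
    values: [p.recipient, p.subject, p.message, p.modify_user_id, 'A'],
  };
}

// Assumed driver usage (`connection` is a hypothetical mysql/mysql2 connection):
//   const { sql, values } = parameterized(param);
//   connection.query(sql, values, callback);
console.log(messageAsParsed(param).rest.slice(0, 18)); // text the server chokes on
```

Placeholders also cover `recipient`, `subject` and `modify_user_id`, which are interpolated in the original query the same way as the message.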