
So I have this block of SQL query code here for sending a user description to the DB in Node.js.

const sqlAddDescription = (desc, id) => {return `UPDATE \`Memcon\`.\`users_list\` SET \`description\` = '${desc}' WHERE (\`id\` = '${id}')`}

It's working completely fine: in the client the user inputs a text and the DB process goes on with no problem.

BUT if the user sends an input with backticks or quotes or even brackets, the process is going to fail because their text goes straight into ${desc} and replaces it, so it creates an error.

How can I tell JS to fully stringify the text, no matter the input?

(I also tried JSON.stringify, but that serves a different purpose.)

Shadow
Ferox
  • Does this answer your question? [Javascript string replace with regex to strip off illegal characters](https://stackoverflow.com/questions/3780696/javascript-string-replace-with-regex-to-strip-off-illegal-characters) – nbk May 13 '21 at 16:22
  • Use parameterized query https://stackoverflow.com/questions/49840094/how-to-write-a-parameterized-sql-query-in-javascript – Serg May 13 '21 at 17:09
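The parameterized approach suggested in the comments, shown as an added example (not code from the question, nor from mysql2 or any other driver): the question's interpolated query next to a version that returns the `(sql, values)` pair a driver such as mysql2 takes via `connection.execute(sql, values)`. The `makeFakeDb` stand-in, the `placeholderCount` guard and the `trickyDesc` input are constructed for this example so it runs without a database.

```javascript
// Added example: interpolated query (the question's pattern) versus a
// parameterized query. Nothing here comes from a real driver; `makeFakeDb`
// is a constructed stand-in that records what a driver would receive.

// The pattern from the question: the user's text is spliced into the SQL
// string, so a quote or backtick inside `desc` alters the statement
// itself instead of being stored as data.
const sqlAddDescriptionUnsafe = (desc, id) =>
  `UPDATE \`Memcon\`.\`users_list\` SET \`description\` = '${desc}' WHERE (\`id\` = '${id}')`;

// Parameterized form: the SQL text is a constant with `?` placeholders and
// contains no user input; the values travel separately and are bound by
// the driver/server, never parsed as SQL.
const sqlAddDescriptionParams = (desc, id) => ({
  sql: "UPDATE `Memcon`.`users_list` SET `description` = ? WHERE `id` = ?",
  values: [desc, id],
});

// Number of `?` placeholders in a statement (a parameterized statement
// should contain no string literals, so every `?` is a placeholder).
const placeholderCount = (sql) => (sql.match(/\?/g) || []).length;

// Guard before handing the pair to a driver: a placeholder/value mismatch
// is an application bug and should fail here, not be reinterpreted later.
function runUpdate(db, desc, id) {
  const { sql, values } = sqlAddDescriptionParams(desc, id);
  if (placeholderCount(sql) !== values.length) {
    throw new Error("placeholder/value count mismatch");
  }
  return db.execute(sql, values);
}

// Constructed stand-in for a driver connection: records each execute call.
function makeFakeDb() {
  const calls = [];
  return {
    calls,
    execute(sql, values) {
      calls.push({ sql, values });
      return { affectedRows: 1 };
    },
  };
}

// Constructed description containing the characters the question says
// break the query: a single quote, backticks and brackets.
const trickyDesc = "O'Brien `(likes)` SQL";

// An odd number of single quotes means user text opened or closed a SQL
// string literal: the interpolated statement is malformed and the server,
// not the application, now decides what it means.
const singleQuoteCount = (sql) => (sql.match(/'/g) || []).length;

// Run both forms on the same input and report what each one produces.
function compare() {
  const unsafeSql = sqlAddDescriptionUnsafe(trickyDesc, 42);
  const db = makeFakeDb();
  runUpdate(db, trickyDesc, 42);
  const [call] = db.calls;
  return {
    unsafeQuoteCount: singleQuoteCount(unsafeSql), // 5: malformed statement
    unsafeContainsUserText: unsafeSql.includes(trickyDesc), // true
    safeSqlContainsUserText: call.sql.includes("O'Brien"), // false: SQL is constant
    safeValue: call.values[0], // the text arrives intact, as data
  };
}

console.log(compare());
```

The point of the comparison is that the parameterized form stores the description exactly as typed, quotes and backticks included, because the text never becomes part of the SQL grammar; stripping "illegal" characters, as the first comment suggests, would instead silently change what the user wrote. With mysql2, `execute` sends a server-side prepared statement while `query` with `?` placeholders escapes on the client; either keeps the statement you wrote separate from the values you pass.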

0 Answers