serverless-mysql icon indicating copy to clipboard operation
serverless-mysql copied to clipboard

Published 20 hours ago verified publisher icon jeremydaly

mysql.raw() and mysql.format() are not a function. I can't escaping the query syntax.

Open RakaDoank opened this issue 4 years ago • 4 comments

I tried mysql.raw() and mysql.format() to passing an query to mysql.query, like this example const db=require('./db'); const id=await mysql.raw('REPLACE(UUID(),"-","")'); const query=await mysql.format('insert into table values (?,?)',[id,123]);

that would be catch an error it said, mysql.raw or mysql.format are not a function (to be exact, "is not a function").

Even without mysql.raw(), i can use 'objects' instead 'that have a toSqlString method will have .toSqlString() called and the returned value is used as the raw SQL' (quoted from mysqljs docs), but still, mysql.format is not a function.

Those function are in mysqljs docs. I expected Serverless MySQL is a wrapper for Doug Wilson's amazing mysql Node.js module. but, i can't use those function.

Or, is there something i missed?

My 'main handler' (db.js or whatever) is just simple with some config and 'module.exports' const mysql=require('serverless-mysql')({ config: {host:process.env.MYSQL_HOST, port:process.env.MYSQL_PORT, database:process.env.MYSQL_DATABASE, user:process.env.MYSQL_USER, password:process.env.MYSQL_PASSWORD} }); module.exports=mysql;

Help me. i can't avoid those technique because i have to. I'm sorry for that English

RakaDoank avatar Jan 20 '21 17:01 RakaDoank

Looks like invalid SQL to me

"insert into table values (?,?)",[id,123]

should be

"insert into table (?) values (?)",[id,123]

translates to

"insert into table (id) values (123)"

trasherdk avatar Jan 21 '21 02:01 trasherdk

@trasherdk it doesn't invalid. What i'm trying to do is input UUID in values syntax, not the ID as column reference. mysql.query('insert into table values (?,?)',[id,123]); is same as this one mysql.query(`insert into table values ('${id}','123')`); but the first one does escape values while the second one doesn't,

In my issue, i want the id is containing sql syntax to generate UUID natively, like UUID(), so that's why i need mysql.raw() and mysql.format().

This is the example from mysql docs var CURRENT_TIMESTAMP = mysql.raw('CURRENT_TIMESTAMP()'); var sql = mysql.format('UPDATE posts SET modified = ? WHERE id = ?', [CURRENT_TIMESTAMP, 42]); console.log(sql); // UPDATE posts SET modified = CURRENT_TIMESTAMP() WHERE id = 42

RakaDoank avatar Jan 21 '21 08:01 RakaDoank

@RakaDoank I ran into this same thing. Until the issue is fixed, here's a workaround using the sqlstring npm module (which is what mysqljs uses under the hood.

Run npm install sqlstring --save or yarn add sqlstring.

Then define a helper function called format like below:

const sqlstring = require('sqlstring');
const format = (stmt, inserts) => sqlstring.format(stmt, inserts);

Then use that in your query:

const query = format('insert into table values (?,?)',[id,123]);

Note that the "sqlstring.format" method is syncronous, so no need to use the await keyword.

Hope this helps! 👍

codebravotech avatar Jul 23 '21 21:07 codebravotech

Also, you should be able to do something similar using the .raw() method of sqlstring, but I haven't needed that so I haven't tested it out. But if you follow the same pattern as for format (make your own helper method using the sqlstring library) I'm sure it will work

codebravotech avatar Jul 23 '21 21:07 codebravotech