hi @patrikx3 !
I'll try to explain with pseudo-code:
c - client, s - server
// after connection is set up
// QUERY
c: hey server, please tel me what is result of "SELECT name,email FORM users WHERE id=1234"
s: sure thing!
s: you'll have 2 fields in your response, of type string and named name,email
s: here is first row of data: "John Smith", "[email protected]"
s: actually, that's it. All done
...
c: hey server, please tel me what is result of "SELECT name,email FORM users WHERE id=1235"
s: sure thing!
s: you'll have 2 fields in your response, of type string and named name,email
s: here is first row of data: "John Donn", "[email protected]"
s: actually, that's it. All done
//EXECUTE:
c: hey server, please prepare statement for this query: "SELECT name,email FORM users WHERE id=?"
s: ok!
s: we'll use 123 for this statement, and here is some info about it: one parameter expected; 2 fields would be returned
s: all done
c: hey server, please tel me what is result of executing statement 123 with parameter set to 1235?
s: sure thing!
s: you'll have 2 fields in your response, of type string and named name,email
s: here is first row of data: "John Donn", "[email protected]"
s: actually, that's it. All done
Also the format in which data to and from server is serialised is slightly different. Results for query are sent as text where execute data is binary, for example in case of query 1234 would be sent as [4, 49, 50, 51, 52] bytes - "1234" prefixed with length and for "execute" it would be [210, 4] if type is mysql SHORT
soo pool.exec and pool.query are diferrent? pool.exec is a prepared statement?
do we have an api so i can check which function do?
yes
pool exec is a short version of pool.getConnection + connection.exec, where pool.query is a short version for pool.getConnection + connection.query
do we have an api so i can check which function do?
not sure I understand. Are you asking advise which one to use when? In general, if you have parameters (especially coming from outside and potentially untrusted) it's better to use execute as prepared statements give you an extra layer of protection against sql injection attacks
just asking if where is the API DOC? So i can examine the arguments and results etc...
sorry i read these first.
https://github.com/sidorares/node-mysql2/tree/master/examples
thanks if i get more questions so much!
no problems!
https://github.com/sidorares/node-mysql2/blob/master/documentation/Prepared-Statements.md , linked from main readme :)
wow so cool!!! all automatically! thanks!
Most helpful comment
hi @patrikx3 !
I'll try to explain with pseudo-code:
c - client, s - server
Also the format in which data to and from server is serialised is slightly different. Results for query are sent as text where
executedata is binary, for example in case of query 1234 would be sent as[4, 49, 50, 51, 52]bytes - "1234" prefixed with length and for "execute" it would be[210, 4]if type is mysqlSHORT