Node-postgres: Passing parameters to `IN`

Created on 19 Jun 2020  路  4Comments  路  Source: brianc/node-postgres

Heya, how would one go about passing parameters to a query with IN?

For example:

SELECT *
FROM people
WHERE name in ($1)

I've tried to use:

pg.query(query, [['drake', 'zoey']], cb)

But I don't get results back when both drake and zoey are in the table.

However the following does seem to work:

pg.query(query.replace(/\$1/, ['drake', 'zoey'].map(v => `'${v}'`).join(','), cb)
question
Source
picture retrohacker

Most helpful comment

You can use = ANY instead:

SELECT *
FROM people
WHERE name = ANY ($1)
picture charmander on 20 Jun 2020
👍2

All 4 comments

You can use = ANY instead:

SELECT *
FROM people
WHERE name = ANY ($1)
charmander picture charmander on 20 Jun 2020
👍2

Duplicate of #1452

charmander picture charmander on 20 Jun 2020

However the following does seem to work:

pg.query(query.replace(/\$1/, ['drake', 'zoey'].map(v => `'${v}'`).join(','), cb)

(and, to be clear, definitely do not do this. It鈥檚 an SQL injection vulnerability.)

charmander picture charmander on 20 Jun 2020
👍1

<3 thank you

retrohacker picture retrohacker on 22 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gajus picture gajus  路  4Comments
chrisjensen picture chrisjensen  路  4Comments
frmoded picture frmoded  路  3Comments
wrod7 picture wrod7  路  4Comments
ossdev07 picture ossdev07  路  3Comments