Pay attention to the documentation of node-mysql
:
If you paid attention, you may have noticed that this escaping allows you to do neat things like this:
var post = {id: 1, title: 'Hello MySQL'}; var query = connection.query('INSERT INTO posts SET ?', post, function(err, result) { // Neat! }); console.log(query.sql); // INSERT INTO posts SET `id` = 1, `title` = 'Hello MySQL'
Notice that they use SET
instead of VALUES
. INSERT INTO ... SET x = y
is a valid MySQL query, while INSERT INTO ... VALUES x = y
is not.