Mysql scape string


#1

hi, somewhere in my query i have this:

'WHEN property_id = ' + property_id + ' THEN "' + value + '" '

how to escape value string to be safe for mysql?


#2

Isn’t it easier to use the query builder?


#3

it’s a bit hard on multi updates with conditions


#4

Can someone convert this query to query builder format:

UPDATE my_table
SET D = CASE
    WHEN A = 6 THEN 1
    WHEN A = 8 THEN 2
    ELSE D
END
WHERE A IN (6,8)

#5

Just go to knexjs docs https://knexjs.org/ and search for escape, you will find handful of examples


#6

This ought to work…

Database.raw('UPDATE my_table SET D = CASE
  WHEN A = ? THEN 1 
  WHEN A = ? THEN 2
  ELSE D
END WHERE A IN (?,?)', [6, 8, 6, 8])