Nested SELECT query in Sequelize
How can I run a query with a nested SELECT statement in Sequelize in a way that prevents SQL injection?
Example of the conditional query for MySQL:
SELECT * FROM cities WHERE country_id IN (SELECT id FROM countries WHERE lang = 'French');
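If it's a raw query, you normally don't need to insert the input into the SQL by hand:
const { Sequelize } = require('sequelize');
// `sequelize` is an existing Sequelize instance.
// sequelize.query() returns a Promise that resolves to the selected rows.
const res = sequelize.query(`SELECT * FROM cities
  WHERE country_id IN (SELECT id FROM countries WHERE lang = $lang)`, {
  type: Sequelize.QueryTypes.SELECT,
  // $lang is passed as a bind parameter, not spliced into the SQL text.
  bind: {
    lang: 'French'
  }
});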
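An added example, not part of the original answers and not Sequelize's own code: a simplified model in plain Node.js of what a bind parameter does to the nested query above, compared with string concatenation. The helper names concatQuery, toPrepared and quoteCount and the sample inputs are assumptions made for illustration.

```javascript
// Simplified model of named bind parameters (illustration only, no Sequelize).

// The nested query from the question, with a $lang placeholder instead of a literal.
const NESTED_SQL =
  'SELECT * FROM cities WHERE country_id IN ' +
  '(SELECT id FROM countries WHERE lang = $lang)';

// Concatenated variant: the value becomes part of the SQL text itself.
function concatQuery(lang) {
  return 'SELECT * FROM cities WHERE country_id IN ' +
    "(SELECT id FROM countries WHERE lang = '" + lang + "')";
}

// Bound variant: rewrite each $name to a positional "?" and collect the values
// in order, the shape a prepared statement receives (text and data separately).
function toPrepared(sql, bind) {
  const values = [];
  const text = sql.replace(/\$(\w+)/g, (match, name) => {
    if (!Object.prototype.hasOwnProperty.call(bind, name)) {
      throw new Error('missing bind parameter: ' + name);
    }
    values.push(bind[name]);
    return '?';
  });
  return { text, values };
}

// Number of single quotes in the SQL text; an odd count means a string
// literal was closed early or left open by the interpolated value.
function quoteCount(sql) {
  return (sql.match(/'/g) || []).length;
}

// Constructed sample inputs: a plain value and a language name containing "'".
const samples = ['French', "O'odham"];

for (const lang of samples) {
  const unsafe = concatQuery(lang);
  const safe = toPrepared(NESTED_SQL, { lang });
  console.log('concat  :', unsafe, '| quotes:', quoteCount(unsafe));
  console.log('prepared:', safe.text, '| values:', JSON.stringify(safe.values));
}
```

The prepared text is identical for every input, while the concatenated text changes shape as soon as the value contains a quote.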
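QueryGenerator.selectQuery() saves you from SQL injection:
const { Op } = require('sequelize');
// `sequelize` is an existing Sequelize instance; CitiesModel is a model defined on it.
const lang = 'French';
// Let Sequelize generate the subquery so that the value of `lang` is escaped.
const subQuery = sequelize.dialect.QueryGenerator.selectQuery('countries',
  {
    attributes: ['id'],
    where: {
      lang: lang,
    }
  })
  .slice(0, -1); // to remove the ';' from the end of the SQL
CitiesModel.findAll({
  where: {
    country_id: {
      [Op.in]: sequelize.literal('(' + subQuery + ')'),
    }
  }
});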