Replace ' with anything else for SQL

smitterer · 7 July 2022 12:37

Hi,

I'm getting an error when trying to import data from a csv into a MariaDB:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'ANTHRAZIT', 'undefined', '9,16', '0,000', '0,000', '0,000', '1,000', '1' at line 1

Therefore I'm trying to remove the ' in the SQL statement (which is generated) prior to connecting to the DB using:

I also tried:

var str = msg.topic;

var res = str.replace(/[']/gi, '');

msg.topic = res;

return msg;

and various variations.

Can anyone pls tell me how to search for ' and replace it with nothing or any character which will not crash my INSERT into SQL?

Thanks

Steve-Mcl · 7 July 2022 12:40

Use query parameters instead of dynamic SQL Strings.

Not only does it remove the need to strip characters from your strings, it protects against SQL Injection.

smitterer · 7 July 2022 19:34

Thanks for your answer.

Would you mind explaining this or let me know what I have to search for?
I really have very little knowledge about SQL, just trying to import a huge csv into a DB based on Upload large CSV file to SQL database (flow) - Node-RED but I had to change the postgresql node to mysql: node-red-contrib-stackhero-mysql (node) - Node-RED
Currently msg.topic is msg.payload from the sql (of the referenced flow)

Thanks

smitterer · 14 July 2022 20:17

I now tried removing all ' inside of csvs with:

msg.payload = msg.payload.replace(/'/g, '');

return msg;

and

var changer = msg.payload;

msg.payload = changer.replace(/'/g, '');

return msg;

Always getting "TypeError: ........replace is not a function"

Does anyone know why this is not a function / why it's not working?
I put this function in front of the sql function.

Thanks

Colin · 14 July 2022 20:31

Is msg.payload a String? Previously you were working with msg.topic.

smitterer · 14 July 2022 20:59

msg.payload is an array and inside of these objects are values from a csv, chunked via chunks-to-lines node of which the output is text.
After the sql function, msg.topic is set to be the same as msg.payload so it functions with the sql node.

Colin · 15 July 2022 06:16

replace() is a function that must be called on a string, not an array. If you want to call it on all the elements of an array then look at the function Array.map()

system · 13 September 2022 06:16

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[SOLVED]The dreaded "query not defined as a string" mysql General	5	4632	31 October 2018
How to insert data with this string value and how to split it, i new for using node-red General	8	1398	31 October 2021
SQL data return array data types? MSSQL Node General	17	476	26 March 2023
Pb with SQL and special characters (like ') General	6	117	16 May 2023
Newbie - msg.payload into SQL General	7	2268	13 December 2019

Replace ' with anything else for SQL

Related topics