Use replacements with raw Sequelize query: avoid single quotes?
This probably has a very simple answer, but I don't see it.
I want to make a raw request using Sequelize:
var sequelize = require('sequelize');
sequelize
.query("LOAD DATA LOCAL INFILE :file
INTO TABLE :table
FIELDS TERMINATED BY ',' ENCLOSED BY '\"' LINES TERMINATED BY '\n';",
null,
{raw:true},
{file: datasetPath, table: "dataset_" + datasetName})
The problem is that the replacement string includes single quotes for replacement :file
(which is good, because that is the path) and replacement :table
(which is bad, because it just has to be a name without a name, and splits the query). How to avoid these quotes in case of table name replacement?
Thank.
source to share
If you are sure that it datasetName
will never contain SQL injection capabilities, you can directly insert the table name into the query, for example:
sequelize
.query("LOAD DATA LOCAL INFILE :file
INTO TABLE dataset_" + datasetName + "
FIELDS TERMINATED BY ',' ENCLOSED BY '\"' LINES TERMINATED BY '\n';",
null,
{raw:true}, {file: datasetPath})
The comment posted by mwarren doesn't really really work in this case - Sequelize sees it inserted into a string and escapes it accordingly.
source to share