demo_db_where_placeholders.js:
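/**
 * Demo: select rows from `customers` with a parameterised WHERE clause.
 *
 * The values are passed separately from the SQL text and bound to the `?`
 * placeholders by the driver, so they are never concatenated into the query
 * string by hand.
 *
 * Security notes for adapting this beyond a demo:
 *  - With the `mysql` package, `?` placeholders are filled in on the client
 *    by escaping each value; they are not server-side prepared statements.
 *  - The driver escapes by JavaScript type: arrays and objects are expanded
 *    into lists / `key = value` pairs rather than quoted as one string. When
 *    values come from a request body, check that each one is a string (or
 *    number) before binding it.
 *  - The credentials below are sample literals. Real code should read them
 *    from the environment or a secret store and connect as a least-privilege
 *    database user.
 */
const mysql = require('mysql');

const con = mysql.createConnection({
  host: "localhost",
  user: "myusername",
  password: "mypassword",
  database: "mydb"
});

con.connect(function (err) {
  if (err) throw err;

  // In this demo the values are constants; in practice they are user input.
  const name = 'Amy';
  const adr = 'Mountain 21';

  // One `?` per value; keep the SQL text itself free of user data.
  const sql = 'SELECT * FROM customers WHERE name = ? OR address = ?';

  // Values are bound to the placeholders in array order.
  con.query(sql, [name, adr], function (err, result) {
    if (err) throw err;
    console.log(result);

    // Close the connection so the socket is released and the process can exit.
    con.end();
  });
});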
C:\Users\My Name>node demo_db_where_placeholders.js
[
{ id: 3, name: 'Amy', address: 'Apple st 652'},
{ id: 4, name: 'Hannah', address: 'Mountain 21'}
]