blocks|key|3012784|text|对于奇怪的MySQL列名，不能用单引号将它们括起来。单引号只是将值转换为字符串。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3012785|在MySQL中，反引号用于此操作。例如|3012786|UPDATE+`table+with+space`+SET+`column+with+space`+=+'bar';|code-block|syntax|javascript|3012787|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|L|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|M|8|@]|9|@]|A|$G|H]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

For weird MySQL column names, you can't put single quotes around them. Single quotes just turn the value into a string.

The backtick is used for this in MySQL. For example

<pre><code>UPDATE `table with space` SET `column with space` = 'bar';
</code></pre>

blocks|key|949984|text|检查下面的代码。或许能行得通，|type|unstyled|depth|inlineStyleRanges|entityRanges|data|949985|con.query(
++'UPDATE+scores+SET+'%2Bupdate%2B'+=+?+Where+score_id+=+?',
++//+Old+-+[${mysql.escape(newValue)},+${mysql.escape(singleScore.score_id)}],
++/*+Update+-+*/+[newValue,singleScore.score_id],
++(err,+result)+=>+{
++++if+(err)+throw+err;
++++console.log(`Changed+${result.changedRows}+row(s)`);
++}
);|code-block|syntax|javascript|949986|根据您的查询，${mysql.escape(update)}包含值中的单引号。|offset|length|style|CODE|949987|entityMap^0|0|0|7|N|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Q|8|@$I|R|J|S|K|L]]|9|@]|A|$]]|$1|M|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|N|$]]

Check the below code. It might work,

<pre><code>con.query(
 'UPDATE scores SET '+update+' = ? Where score_id = ?',
 // Old - [${mysql.escape(newValue)}, ${mysql.escape(singleScore.score_id)}],
 /* Update - */ [newValue,singleScore.score_id],
 (err, result) =&gt; {
 if (err) throw err;
 console.log(`Changed ${result.changedRows} row(s)`);
 }
);
</code></pre>

As per your query, <code>${mysql.escape(update)}</code> includes the single quote from the value.

blocks|key|3012814|text|Tamilvanan解决方案只需稍加更改即可解决此问题|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3012815|+db.query(
++++++++++++'UPDATE+scores+SET+'%2Bupdate%2B'+=+?+Where+score_id+=+?',
++++++++++++[newValue,+singleScore.score_id],
++++++++++++(err,+result)+=>+{
++++++++++++++if+(err)+throw+err;
++++++++++++++console.log(`Changed+${result.changedRows}+row(s)`);
++++++++++++}
++++++++++);|code-block|syntax|javascript|3012816|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

Tamilvanan solution with a tiny change fixes the issue

<pre><code> db.query(
 'UPDATE scores SET '+update+' = ? Where score_id = ?',
 [newValue, singleScore.score_id],
 (err, result) =&gt; {
 if (err) throw err;
 console.log(`Changed ${result.changedRows} row(s)`);
 }
 );
</code></pre>

blocks|key|3012835|text|看起来您正在使用mysql+NPM+package。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|3012836|escape方法用于转义查询值。要转义查询标识符(如列名)，应该改用escapeId方法。您的代码应如下所示：|style|CODE|3012837|const+update+=++'the+name+of+my+column';
const+UpdateQuery+=+`UPDATE+scores
++++SET+${mysql.escapeId(update)}+=+${mysql.escape(newValue)}
++++WHERE+score_id+=+${mysql.escape(singleScore.score_id)}`;|code-block|syntax|javascript|3012838|同样，如果使用替换，请使用双问号而不是单问号来转义标识符。|3012839|const+update+=++'the+name+of+my+column';
const+UpdateQuery+=+`UPDATE+scores
++++SET+??+=+?
++++WHERE+score_id+=+?`;
const+replacements+=+[update,+newValue,+singleScore.score_id];|3012840|See+the+mysql+docs+for+more+details.|3012841|entityMap|0|LINK|mutability|MUTABLE|url|https://www.npmjs.com/package/mysql|1|https://www.npmjs.com/package/mysql#escaping-query-identifiers^0|8|H|0|0|0|6|Y|8|0|0|0|0|0|10|1|0^^$0|@$1|2|3|4|5|6|7|12|8|@]|9|@$A|13|B|14|1|15]]|C|$]]|$1|D|3|E|5|6|7|16|8|@$A|17|B|18|F|G]|$A|19|B|1A|F|G]]|9|@]|C|$]]|$1|H|3|I|5|J|7|1B|8|@]|9|@]|C|$K|L]]|$1|M|3|N|5|6|7|1C|8|@]|9|@]|C|$]]|$1|O|3|P|5|J|7|1D|8|@]|9|@]|C|$K|L]]|$1|Q|3|R|5|6|7|1E|8|@]|9|@$A|1F|B|1G|1|1H]]|C|$]]|$1|S|3|-4|5|6|7|1I|8|@]|9|@]|C|$]]]|T|$U|$5|V|W|X|C|$Y|Z]]|10|$5|V|W|X|C|$Y|11]]]]

It looks like you are using the <a href="https://www.npmjs.com/package/mysql" rel="nofollow noreferrer">mysql NPM package</a>.
The <code>escape</code> method is used for escaping query values. To escape query identifiers (like column names) you should use the <code>escapeId</code> method instead. Your code should look like this:
<pre><code>const update = 'the name of my column';
const UpdateQuery = `UPDATE scores
 SET ${mysql.escapeId(update)} = ${mysql.escape(newValue)}
 WHERE score_id = ${mysql.escape(singleScore.score_id)}`;
</code></pre>
Similarly, if you are using replacements, use a double question mark instead of a single to escape identifiers.
<pre><code>const update = 'the name of my column';
const UpdateQuery = `UPDATE scores
 SET ?? = ?
 WHERE score_id = ?`;
const replacements = [update, newValue, singleScore.score_id];
</code></pre>
<a href="https://www.npmjs.com/package/mysql#escaping-query-identifiers" rel="nofollow noreferrer">See the mysql docs for more details.</a>

Currently I have this issue, the problem is that the table name gets a set of quotation marks (ad it's a string) and this makes the server crash.

<pre><code>const update = 'the name of my column';
const UpdateQuery = `UPDATE scores
 SET ${mysql.escape(update)} = ${mysql.escape(newValue)}
 WHERE score_id = ${mysql.escape(singleScore.score_id)}`;
</code></pre>

<code>mysql.escape()</code> works fine for everything except for the column name.

This is what I get if I console.log the query after injecting the variables:

<pre><code>UPDATE scores
SET 'the name of my column' = 1
WHERE score_id = 1
</code></pre>

How can I use a variable as column name in mysql / express?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

目前我有这个问题，问题是表名得到一组引号(ad它是一个字符串)，这会使服务器崩溃。const update =  'the name of my column';const UpdateQuery = `UPDATE scores    SET ${mysql.escape(update)} = ${mysql.esc...

问如何在mysql / express中使用变量作为列名？
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何在mysql / express中使用变量作为列名？EN