인수 인수 목록 뒤의 SyntaxError : missing)

Question

var records = ""; 
for(var i = 0; i < activity.length; i++) { 
sequelize.query("SELECT * from users WHERE city = '"+city+"'" AND categories LIKE CONCAT('%', activity[i], '%')"", { type: sequelize.QueryTypes.SELECT}) 
    .then(function(logs){ 
     records += logs; 
     matchCount += logs.length; 

    }); 
} 

console.log("--------------------------Priniting matched users-----------------------"); 
console.log(records); 

//INSERT DATA TO SQL 

sequelize.query("INSERT INTO users(name, lastname, email, phone, city, categories, createdAt, updatedAt) VALUES ('"+req.body.first_name+"', '"+req.body.last_name+"', '"+req.body.email+"', '"+req.body.tel+"', '"+req.body.city+"', , '"+JSON.stringify(activity)+"', 'test', 'test')"); 

Answer 1

오류가 선택문에 큰 따옴표가 있습니다. 당신은 문자열 따옴표에 더 많은 관심을 지불해야

var records = ""; 
for (var i = 0; i < activity.length; i++) { 
    sequelize.query("SELECT * from users WHERE city = '" + city + "'AND categories LIKE CONCAT('%', activity[i], '%')", { 
      type: sequelize.QueryTypes.SELECT 
     }).then(
     function(logs) { 
      records += logs; 
      matchCount += logs.length; 
     }); 
} 

console.log("--------------------------Priniting matched users-----------------------"); 
console.log(records); 

//INSERT DATA TO SQL 

sequelize.query("INSERT INTO users(name, lastname, email, phone, city, categories, createdAt, updatedAt) VALUES ('" + req.body.first_name + "', '" + req.body.last_name + "', '" + req.body.email + "', '" + req.body.tel + "', '" + req.body.city + "', , '" + JSON.stringify(activity) + "', 'test', 'test')"); 

Answer 2

, 당신은 city의 폐쇄 단순 인용하고 AND categories 부분 사이에 나사.

그것은 다음과 같아야합니다는 SQL 문자열 쿼리에 변수을 연결하는 경우 또한

sequelize.query("SELECT * from users WHERE city = '"+city+"' AND categories LIKE CONCAT('%', activity[i], '%')", { type: sequelize.QueryTypes.SELECT}) 

, 당신이 그들을 소독하지 않는 경우가 찍 SQL injection attack