I'm trying to update a column in my PostgresQL database using Nodejs:
res.rows.forEach((tmdbID) => {
(async () => {
const json = await fetchMovieData(tmdbID.tmdb_id);
const overview = json.overview.replace('\'', '\\\'');
console.log(overview);
pool.query(`UPDATE "Movie" SET overview = '${overview}' WHERE tmdb_id = ${json.id}`);
})();
});
async function fetchMovieData(tmdbID) {
const response = await fetch(`https://api.themoviedb.org/3/movie/${tmdbID}?api_key=a8f7039633f2065942cd8a28d7cadad4&language=en-US`);
const data = response.json();
return data;
}
The error I'm getting:
(node:1412) UnhandledPromiseRejectionWarning: error: syntax error at or near "s"
It happens on this string:
The Bride unwaveringly continues on her roaring rampage of revenge against the band of assassins who had tried to kill her and her unborn child. She visits each of her former associates one-by-one, checking off the victims on her Death List Five until there \'s nothing left to do … but kill Bill.
I'm trying to escape the 'but it doesn't seem to be working. Any tips?
Don't try to pass everything as a String, that is how SQL Injection happens. A better approach is to use parameters.
I'm not exactly sure which library are you using, but the syntax should be something similar to this:
pool.query('UPDATE "Movie" SET overview = ? WHERE tmdb_id = ?', [overview, json.id]);