Company logo
  • Jobs
  • Bootcamp
  • About Us
  • For professionals
    • Home
    • Jobs
    • Courses
    • Questions
    • Teachers
    • Bootcamp
  • For business
    • Home
    • Our process
    • Plans
    • Assessments
    • Payroll
    • Blog
    • Calculator

0

89
Views
How to escape apostrophes using NodeJS

I'm trying to update a column in my PostgresQL database using Nodejs:

res.rows.forEach((tmdbID) => {
  (async () => {
    const json = await fetchMovieData(tmdbID.tmdb_id);
    const overview = json.overview.replace('\'', '\\\'');
    console.log(overview);
    pool.query(`UPDATE "Movie" SET overview = '${overview}' WHERE tmdb_id = ${json.id}`);
  })();
});
async function fetchMovieData(tmdbID) {
  const response = await fetch(`https://api.themoviedb.org/3/movie/${tmdbID}?api_key=a8f7039633f2065942cd8a28d7cadad4&language=en-US`);
  const data = response.json();
  return data;
}

The error I'm getting:

(node:1412) UnhandledPromiseRejectionWarning: error: syntax error at or near "s"

It happens on this string:

The Bride unwaveringly continues on her roaring rampage of revenge against the band of assassins who had tried to kill her and her unborn child. She visits each of her former associates one-by-one, checking off the victims on her Death List Five until there \'s nothing left to do … but kill Bill.

I'm trying to escape the 'but it doesn't seem to be working. Any tips?

7 months ago · Juan Pablo Isaza
1 answers
Answer question

0

Don't try to pass everything as a String, that is how SQL Injection happens. A better approach is to use parameters.

I'm not exactly sure which library are you using, but the syntax should be something similar to this:

pool.query('UPDATE "Movie" SET overview = ? WHERE tmdb_id = ?', [overview, json.id]);
7 months ago · Juan Pablo Isaza Report
Answer question
Find remote jobs

Discover the new way to find a job!

Top jobs
Top job categories
Business
Post job Plans Our process Sales
Legal
Terms and conditions Privacy policy
© 2023 PeakU Inc. All Rights Reserved.