Adds documentation about "??" to section "Escaping query identifiers"
dresende committed Mar 15, 2013
1 parent 9388626 commit de4adfd
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions Readme.md
Expand Up @@ -397,8 +397,16 @@ var query = 'SELECT * FROM posts ORDER BY ' + mysql.escapeId('posts.' + sorter);
console.log(query); // SELECT * FROM posts ORDER BY `posts`.`date`
```

When you pass an Object to `.escape()` or `.query()`, `.escapeId()` is used to avoid SQL
injection in object keys.
Alternatively, you can use `??` characters as placeholders for identifiers you would
like to have escaped like this:

```js
connection.query('SELECT * FROM ?? WHERE id = ?', ['users', userId], function(err, results) {
// ...
});
```

When you pass an Object to `.escape()` or `.query()`, `.escapeId()` is used to avoid SQL injection in object keys.

### Custom format
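
Review bot: The new paragraph introducing `??` never says how it differs from `?`, yet the example query uses both (`FROM ?? WHERE id = ?`) with no explanation. Suggest adding one sentence stating that `??` is escaped as an identifier, the same way `mysql.escapeId()` is used in the `ORDER BY` example just above, while `?` is escaped as a value, and that the array entries (`'users'`, `userId`) are consumed in placeholder order. It would also help to keep the "When you pass an Object to `.escape()` or `.query()`" sentence directly under the `.escapeId()` example it refers to, and to keep its original line wrap; it is now a single long line while the new text above it wraps, so the move shows up as a delete plus an add with no content change.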
