How can i escape variable in MySQL query?
I don’t find any way to prevent mysql injection.
I think QUOTE() function doesn’t protect from the SQL injection.
I have input data from the previous node and I want use this data in MySQL query but I can’t escape the input.
I miss the MySQL2 Prepared Statements
Another option could be creating a Javascript function like this
Putting sample code in a function node and escaping dangerous characters will do the job.
1 Like
It’s can work in my case, but i have lot of time i will make the prepared statement support for the mysql node.