I have a function where a text input is split into subtexts of 51 characters each and passed to mssql to update an arbitrary number of fields, like so:

    UPDATE some_table
    SET
        EXP1 = 'inputvalue1',
        EXP2 = 'inputvalue2',
        EXP3 = 'inputvalue3',
        EXP4 = 'inputvalue4',
        EXP5 = 'inputvalue5',
        EXP6 = 'inputvalue6'
    WHERE id = @id

The problem is that for shorter texts I do not need to update all of the fields. How can I set the query and the parameters arbitrarily in node-mssql so I can make full use of SQL injection prevention?

Ergun

1 Answer

I am not sure if I get your question.

    await sql.query`UPDATE TABLE SET
    ${textElements.match(/.{1,51}/g).map((element, i) => `EXP${i + 1}=${element}`).join(",")}
    where id = ${id}`
Ibrahim shamma
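
An added example, not part of either post above: in node-mssql's tagged-template form every `${...}` value is sent as a parameter, so a SET list cannot be interpolated there. This sketch instead generates the column and parameter names from the chunk index alone and binds the user text with `request.input`; the names `some_table`, `buildChunkedUpdate` and `runChunkedUpdate` and the six-field limit are assumptions for illustration.

```javascript
// Added example: a parameterized UPDATE whose SET list matches the input length.
const CHUNK = 51;      // characters per field, from the question
const MAX_FIELDS = 6;  // assumption: EXP1..EXP6, as in the question's statement

// Returns the SQL text and the parameter list. Column and parameter names come
// from the loop index only; user text appears only as bound parameter values.
function buildChunkedUpdate(text, id, table = 'some_table') {
  // The table name is an identifier and cannot be bound, so it is checked
  // against a strict pattern instead (hypothetical default name).
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(table)) throw new Error('invalid table name');
  if (typeof text !== 'string' || text.length === 0) throw new Error('empty text');

  const chunks = [];
  for (let i = 0; i < text.length; i += CHUNK) chunks.push(text.slice(i, i + CHUNK));
  if (chunks.length > MAX_FIELDS) throw new Error('text does not fit the available fields');

  const inputs = chunks.map((value, i) => ({ name: `exp${i + 1}`, value }));
  const setList = inputs.map((p, i) => `EXP${i + 1} = @${p.name}`).join(', ');
  inputs.push({ name: 'id', value: id });

  // Fields beyond the last chunk are not mentioned, so they keep their old value.
  return { sql: `UPDATE ${table} SET ${setList} WHERE id = @id`, inputs };
}

// Binds the parameters on an mssql Request (any object with input(name, value)
// and query(sql)) and runs the statement.
function runChunkedUpdate(request, text, id) {
  const { sql, inputs } = buildChunkedUpdate(text, id);
  for (const p of inputs) request.input(p.name, p.value);
  return request.query(sql);
}
```

With the real driver this would be called as `runChunkedUpdate(new sql.Request(pool), text, id)`; passing an explicit type such as `sql.NVarChar(51)` to `request.input` is optional.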