mirror of https://github.com/node-red/node-red-nodes.git synced 2023-10-10 13:36:58 +02:00

Add support for batch of SQL statements (#466)

* Add support for batch of SQL statements
tmdoit 2018-07-19 13:33:43 +02:00 committed by Dave Conway-Jones
parent 911f739005
commit e308b0c1f9
2 changed files with 21 additions and 6 deletions

View File

@ -34,6 +34,7 @@
<option value="msg.topic">Via msg.topic</option> <option value="msg.topic">Via msg.topic</option>
<option value="fixed">Fixed Statement</option> <option value="fixed">Fixed Statement</option>
<option value="prepared">Prepared Statement</option> <option value="prepared">Prepared Statement</option>
<option value="batch">Batch without response</option>
</select> </select>
</div> </div>
<div class="form-row" style="margin-bottom: 0px;"> <div class="form-row" style="margin-bottom: 0px;">
@ -53,7 +54,8 @@
<p>SQL Query <i>Via msg.topic</i> and <i>Fixed Statement</i> uses the <b>db.all</b> operation against the configured database. This does allow INSERTS, UPDATES and DELETES. <p>SQL Query <i>Via msg.topic</i> and <i>Fixed Statement</i> uses the <b>db.all</b> operation against the configured database. This does allow INSERTS, UPDATES and DELETES.
By its very nature it is SQL injection... so <i>be careful out there...</i></p> By its very nature it is SQL injection... so <i>be careful out there...</i></p>
<p>SQL Type <i>Prepared Statement</i> also uses <b>db.all</b> but sanitizes parameters passed, eliminating the possibility of SQL injection.</p> <p>SQL Type <i>Prepared Statement</i> also uses <b>db.all</b> but sanitizes parameters passed, eliminating the possibility of SQL injection.</p>
<p>When using msg.topic <code>msg.topic</code> must hold the <i>query</i> for the database.</p> <p>SQL Type <i>Batch without response</i> uses <b>db.exec</b> which runs all SQL statements in the provided string. No result rows are returned.</p>
<p>When using <i>Via msg.topic</i> or <i>Batch without response</i> <code>msg.topic</code> must hold the <i>query</i> for the database.</p>
<p>When using Normal or Prepared the <i>query</i> must be entered in the node config.</p> <p>When using Normal or Prepared the <i>query</i> must be entered in the node config.</p>
<p>Pass in the parameters as an object in <code>msg.params</code> for Prepared. Ex:<br /> <p>Pass in the parameters as an object in <code>msg.params</code> for Prepared. Ex:<br />
<code>msg.params = {<br /> <code>msg.params = {<br />
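Review bot: The added "Batch without response" paragraph carries no injection caution, although this mode takes its SQL from msg.topic just like "Via msg.topic" and, by the added text's own description, db.exec "runs all SQL statements in the provided string". Suggest extending the existing "By its very nature it is SQL injection" warning to name batch mode, and stating that only "Prepared Statement" sanitizes parameters. While this paragraph is being touched, the context line "When using Normal or Prepared" refers to a "Normal" type that is not among the options shown, which are "Via msg.topic", "Fixed Statement", "Prepared Statement" and now "Batch without response"; aligning that name would avoid confusion.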
@ -111,7 +113,7 @@
}); });
$("#node-input-sqlquery").change(function() { $("#node-input-sqlquery").change(function() {
if ($("#node-input-sqlquery").val() == "msg.topic"){ if ($("#node-input-sqlquery").val() == "msg.topic" || $("#node-input-sqlquery").val() == "batch"){
$("#node-input-sqllabel").hide(); $("#node-input-sqllabel").hide();
$("#node-input-sql-editor").hide(); $("#node-input-sql-editor").hide();
} }
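Review bot: The new condition in the change handler calls $("#node-input-sqlquery").val() twice and compares with == on a long single line. Read the value once into a local variable and compare it with === against "msg.topic" and "batch"; that keeps the line readable and makes a further msg.topic-driven mode a small change.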

View File

@ -55,10 +55,23 @@ module.exports = function(RED) {
}); });
} }
else { else {
if (typeof msg.topic !== 'string') { node.error("msg.topic : the query is not defined as a string",msg);
node.error("msg.topic : the query is not defined as a string",msg); node.status({fill:"red",shape:"dot",text:"msg.topic error"});
node.status({fill:"red",shape:"dot",text:"msg.topic error"}); }
} }
if (this.sqlquery == "batch") {
if (typeof msg.topic === 'string') {
node.mydbConfig.db.exec(msg.topic, function(err) {
if (err) { node.error(err,msg);}
else {
msg.payload = [];
node.send(msg);
}
});
}
else {
node.error("msg.topic : the query is not defined as string", msg);
node.status({fill:"red", shape:"dot",text:"msg.topic error"});
} }
} }
if (this.sqlquery == "fixed"){ if (this.sqlquery == "fixed"){
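Review bot: In the new batch branch the db.exec callback handles a failure with node.error(err,msg) only, so the node status is not set when a batch fails, while the non-string msg.topic path in the same branch sets a red "msg.topic error" status. Suggest setting node.status in the exec error path too. The new message "msg.topic : the query is not defined as string" also differs from the existing "... is not defined as a string"; reuse one wording. Since msg.topic is handed to db.exec as-is with no parameter binding, a short code comment saying the string must come from a trusted part of the flow would help the next maintainer. Note also that a successful batch replaces msg.payload with an empty array; mention that in the help text if it is intended.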