Learn

Another way to implement prepared statements is to use named placeholders. Instead of using an array, we use an object to map the parameters to the query variables.

Consider the following prepared statement using placeholders:

db.all("SELECT * FROM Employee  WHERE FirstName = ? AND LastName = ? ", 
  [req.body.lastName, req.body.firstName], 
  (error, results) => {
  ...
});

The query can be reconstructed to use named placeholders by replacing the ? with a variable beginning with the $ character, and passing an object that maps to the named placeholder value.

db.all("SELECT * FROM Employee  WHERE FirstName = $firstName AND LastName = $lastName ", 
  {
    $firstName: req.body.firstName,
    $lastName: req.body.lastName
  },
  (error, results) => {
  ...
});

This minimal change makes the code more readable for complicated queries.

Instructions

1.

Inside the /info route in app.js, change the SQL query into a prepared statement using named placeholder syntax.

Take this course for free

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?