Learn
Another way to implement prepared statements is to use named placeholders. Instead of using an array, we use an object to map the parameters to the query variables.
Consider the following prepared statement using placeholders:
db.all("SELECT * FROM Employee WHERE FirstName = ? AND LastName = ? ", [req.body.lastName, req.body.firstName], (error, results) => { ... });
The query can be reconstructed to use named placeholders by replacing the ?
with a variable beginning with the $
character, and passing an object that maps to the named placeholder value.
db.all("SELECT * FROM Employee WHERE FirstName = $firstName AND LastName = $lastName ", { $firstName: req.body.firstName, $lastName: req.body.lastName }, (error, results) => { ... });
This minimal change makes the code more readable for complicated queries.
Instructions
1.
Inside the /info
route in app.js, change the SQL query into a prepared statement using named placeholder syntax.
Take this course for free
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.