Instead of this
mssql.ConnectionPool(config, err => {
console.log(err);
Try like this:
mssql.ConnectionPool(config)
.then((result) => {})
.catch((reason) => {});
.catch((reason) => {
console.error(reason);
});
function generateUpsertQueryString(myListOfObjects: MyDbTableRow[]) {
return myListOfObjects.map(o => `
-- update existing row if possible
UPDATE dbo.MyDbTable
SET SomeCol1 = '${o.someCol1}',
SomeCol2 = '${o.someCol1}'
WHERE SomeCol3 = '${o.someCol1}';
-- otherwise insert new row
IF @@ROWCOUNT = 0
INSERT INTO dbo.MyDbTable
(
SomeCol1,
SomeCol2,
SomeCol3
)
VALUES
(
'${o.someCol1}',
'${o.someCol2}',
'${o.someCol3}'
);
`).join('\n')
}
hey @dhensby / anybody, I typically use mssql
's "params" feature to escape strings. In the case above, the function is basically generating a giant query string. I pass the function a list of objects which should be used to update/insert rows into a table. So the function loops thru and generates an "upsert" statement for each item in the list. I foresee sql injection with this approach of using javascript template strings. Otherwise it seems I'd have to come up with a clever way to format all this data into the "params" object. Any ideas/recommendations?
dhensby on master
Update changelog for v5 Merge pull request #796 from dh… (compare)