
code:

const query = `SELECT DISTINCT :attribute FROM "users"`

sequelize.query(query, { replacements: { attribute: attributes[0] } });

result (generated by sequelize):

SELECT DISTINCT 'locale' FROM "users"

How can I pass the attribute to the query without single quotes, or with double quotes?

  • I can't reproduce it. Are you sure that these characters are single quotes and not backticks ( ` )? https://stackoverflow.com/questions/261455/using-backticks-around-field-names – Phil Jan 09 '18 at 15:12
  • yeap, copied from console – Yaroslav Prt Jan 09 '18 at 15:35

1 Answer

Placeholders like :attribute represent query parameters. You can't use them to build a dynamic query.

If you need to change which column you're looking at, you could set query to `SELECT DISTINCT ${attributes[0]} FROM "users"` instead, but definitely make sure that attributes[0] cannot contain user input or your code will be vulnerable to SQL injection.

dmfay
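An added example, not part of the answer above and not Sequelize's own code: one way to interpolate the column name safely is to check it against a fixed allowlist and quote it as an identifier, while values keep going through replacements. The names ALLOWED_COLUMNS, quoteIdentifier and buildDistinctQuery, the "created_at" column and the double-quote identifier style are assumptions made for the example.

```javascript
// Columns the application is willing to expose (constructed for this example).
const ALLOWED_COLUMNS = new Set(['locale', 'country', 'timezone']);

// Quote an identifier in the standard SQL / PostgreSQL style:
// wrap it in double quotes and double any embedded double quote.
function quoteIdentifier(name) {
  return '"' + name.replace(/"/g, '""') + '"';
}

// Build the DISTINCT query for a column chosen at runtime.
// The identifier is interpolated only after the allowlist check, so input
// can pick among known columns but can never contribute SQL text.
// The optional `since` value stays a bound parameter (:since).
function buildDistinctQuery(attribute, since, allowed = ALLOWED_COLUMNS) {
  if (typeof attribute !== 'string' || !allowed.has(attribute)) {
    throw new Error('column not allowed: ' + JSON.stringify(attribute));
  }
  let sql = `SELECT DISTINCT ${quoteIdentifier(attribute)} FROM "users"`;
  const replacements = {};
  if (since !== undefined) {
    // "created_at" is a hypothetical column used to show a bound value.
    sql += ' WHERE "created_at" > :since';
    replacements.since = since;
  }
  return { sql, options: { replacements } };
}

// Usage with the question's code:
//   const { sql, options } = buildDistinctQuery(attributes[0]);
//   sequelize.query(sql, options);
```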