如何在 Sequelize 中使用受 SQL 注入(inject)保护的嵌套 SELECT 语句进行查询?
MySQL 条件查询的示例:
SELECT * FROM cities WHERE country_id IN (SELECT id FROM countries WHERE lang = 'French');
最佳答案
QueryGenerator.selectQuery()保存sql注入(inject):
const lang = 'French';
const subQuery = sequelize.dialect.QueryGenerator.selectQuery('countries',
{
attributes: ['id'],
where: {
lang: lang,
}
})
.slice(0,-1); // to remove the ';' from the end of the SQL
CitiesModel.findAll( {
where: {
country_id: {
[Op.in]: sequelize.literal('(' + subQuery + ')'),
}
}
} );
关于Sequelize 中的嵌套 SELECT 查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65027205/