Difference between .query() and .execute()
See original GitHub issueI was under the impression that .execute() is always better because of prepared statements.
I cannot explain the following though.
This does not work (using .execute())…
const sql = `INSERT INTO ${this.table} SET ?`
return this.app.db.execute(sql, payload)
But this works (using .query())…
const sql = `INSERT INTO ${this.table} SET ?`
return this.app.db.query(sql, payload)
Am I missing something?
Note: I’m using the Promise wrapper.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:7
- Comments:10 (4 by maintainers)
Top Results From Across the Web
Difference Between Execute(), query() and Update() Methods ...
execute(): The return type is Boolean, indicating whether ResultSet return · executeQuery(): Type method returns a ResultSet, execute returns the ...
Read more >Difference between .query() and .execute() in MySQL
With .execute() prepared statement parameters are sent from the client as a serialized string and handled by the server. Since let data =...
Read more >What is the difference between execute(), executeQuery() and ...
The execute() method: This method is used to execute SQL DDL statements, it returns a boolean value specifying weather the ResultSet object can ......
Read more >Difference Between executeQuery(), executeUpdate() and ...
executeQuery() command used for getting the data from database whereas executeUpdate() command used for insert,update,delete or execute() command used ...
Read more >Difference Between Execute(), Query() and Update() Methods ...
Statement execute(String query)is used to execute any SQL query and it returns TRUE if the result is an ResultSet such as running Select...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Feel free to contribute ‘query vs execute’ section to documentation 😃 Looks like other people often have questions similar to yours
not sure if I understand correctly.
.query()does not do “real” prepared statements, it does client side placeholders substitution.It does escape values for each key when parameter is an object ( like in “INSERT INTO table SET ?” example ), so it’s safe to do
.query("INSERT INTO students SET ?", [{ name: "Robert'; DROP TABLE students; --"}])https://github.com/mysqljs/sqlstring/blob/8f193cae10a2208010102fd50f0b61e869e14dcb/lib/SqlString.js#L54
https://github.com/mysqljs/sqlstring/blob/8f193cae10a2208010102fd50f0b61e869e14dcb/lib/SqlString.js#L180