如果数组中的每个对象都应该是表中的一行,那么您要做的是SQL Insert Multiple Rows。也就是说,我们只使用一个插入命令来插入多个对象。因此,每个对象可能有许多属性,不仅是名称,还有年龄等。
因此,对于每个对象,您必须使用值 (name, age) 创建 SQL 元组。
最后,在 SQL 脚本中,它们必须在如下命令中以逗号分隔的值列表分组:
INSERT INTO DOWNLOAD_LIST(name,age) VALUES
(1,11),
(2,22),
(3,33),
(4,44),
(5,55),
(6,66);
一种可能的方法是如下代码:
var elements = [{
"name": 1,
"age":11
}, {
"name": 2,
"age": 22
}, {
"name": 3,
"age": 33
}, {
"name": 4,
"age": 44
}, {
"name": 5,
"age": 55
}, {
"name": 6,
"age": 66
}];
let attributes = ["name","age"];
let attributes_list = attributes.join(",");
let values = elements.map(
element => {
attributes = [element.name, element.age]
return "(" + attributes.join(",") + ")";
}
).join(",\n");
var sql = `INSERT INTO DOWNLOAD_LIST(${attributes_list}) VALUES ${values};`;
console.log(sql);
但是,这对于 SQL 注入来说仍然很脆弱。所以,让我们尝试类似于What are Best Practices for preventing SQL injection in node-mysql? 的这些建议:
var elements = [{
"name": 1,
"age":11
}, {
"name": 2,
"age": 22
}, {
"name": 3,
"age": 33
}, {
"name": 4,
"age": 44
}, {
"name": 5,
"age": 55
}, {
"name": 6,
"age": 66
}];
let attributes = ["name","age"];
let binds = elements.map(
(element,key) => {
attributes = [':name_'+key, ':age_'+key]
return "(" + attributes.join(",") + ")";
}
).join(",\n");
let attributes_list = attributes.join(",");
let values = elements.map(
(element,key) => {
let key_name = ':name_' + key;
let key_age = ':age_' + key;
let obj = {};
obj[key_name] = element.name;
obj[key_age] = element.age;
return obj;
}
);
let valuescombined = values.reduce(
(a,b) => {
return {...a,...b};
}
);
var sql = `INSERT INTO DOWNLOAD_LIST(${attributes_list}) VALUES ${binds};`;
console.log(sql);
console.log(valuescombined);
此命令应创建绑定 SQL 命令和指向每个值的值:
INSERT INTO DOWNLOAD_LIST(:name_5,:age_5) VALUES (:name_0,:age_0),
(:name_1,:age_1),
(:name_2,:age_2),
(:name_3,:age_3),
(:name_4,:age_4),
(:name_5,:age_5);
{
":name_0": 1,
":age_0": 11,
":name_1": 2,
":age_1": 22,
":name_2": 3,
":age_2": 33,
":name_3": 4,
":age_3": 44,
":name_4": 5,
":age_4": 55,
":name_5": 6,
":age_5": 66
}