I have already tried many ways to prevent it using escape method, name-placeholder, node-mysql etc, or even look at similar post here in stackoverflow but none seems to help. I did my own research on ORM, parameterized statements and lots of websites but still not working. Here is my code.
module.exports.getOneDesignData = function (recordId) {
console.log('getOneDesignData method is called.');
console.log('Prepare query to fetch one design record');
userDataQuery = `SELECT file_id,cloudinary_file_id,cloudinary_url,design_title,design_description
FROM file WHERE file_id= ?` + recordId;
return new Promise((resolve, reject) => {
pool.getConnection((err, connection) => {
if (err) {
console.log('Database connection error ', err);
resolve(err);
} else {
connection.query(userDataQuery, (err, results) => {
if (err) {
reject(err);
} else {
validationFn.sanitizeResult(results)
resolve(results);
}
connection.release();
});
}
});
});
}