SyntaxErrorの取得：欠落）引数リストの後

Question

var records = ""; 
for(var i = 0; i < activity.length; i++) { 
sequelize.query("SELECT * from users WHERE city = '"+city+"'" AND categories LIKE CONCAT('%', activity[i], '%')"", { type: sequelize.QueryTypes.SELECT}) 
    .then(function(logs){ 
     records += logs; 
     matchCount += logs.length; 

    }); 
} 

console.log("--------------------------Priniting matched users-----------------------"); 
console.log(records); 

//INSERT DATA TO SQL 

sequelize.query("INSERT INTO users(name, lastname, email, phone, city, categories, createdAt, updatedAt) VALUES ('"+req.body.first_name+"', '"+req.body.last_name+"', '"+req.body.email+"', '"+req.body.tel+"', '"+req.body.city+"', , '"+JSON.stringify(activity)+"', 'test', 'test')"); 

Answer 1

エラーは、wierd引用符を持つselect文にあります。あなたは、文字列の引用符にもっと注意を払わなければならない

var records = ""; 
for (var i = 0; i < activity.length; i++) { 
    sequelize.query("SELECT * from users WHERE city = '" + city + "'AND categories LIKE CONCAT('%', activity[i], '%')", { 
      type: sequelize.QueryTypes.SELECT 
     }).then(
     function(logs) { 
      records += logs; 
      matchCount += logs.length; 
     }); 
} 

console.log("--------------------------Priniting matched users-----------------------"); 
console.log(records); 

//INSERT DATA TO SQL 

sequelize.query("INSERT INTO users(name, lastname, email, phone, city, categories, createdAt, updatedAt) VALUES ('" + req.body.first_name + "', '" + req.body.last_name + "', '" + req.body.email + "', '" + req.body.tel + "', '" + req.body.city + "', , '" + JSON.stringify(activity) + "', 'test', 'test')"); 

Answer 2

、あなたはcityの開閉簡単な引用とAND categories部分との間にめちゃくちゃ。

それは次のようになります：SQL文字列のクエリに変数を連結するときにも

sequelize.query("SELECT * from users WHERE city = '"+city+"' AND categories LIKE CONCAT('%', activity[i], '%')", { type: sequelize.QueryTypes.SELECT}) 

、あなたがそれらをサニタイズしていない場合は、あなたが取るSQL injection attack