How to use LIMIT and placeholders in MySQL (Node.JS)

Question

I'm trying to execute a query with placeholders using Node.js and MySQL. However, the LIMIT placeholder doesn't seem to work because the value after it should be without quotes. This is my query:

SELECT userName, clicks FROM users ORDER BY clicks DESC LIMIT ?

How do I get the behavior I want using placeholders, is this possible? The following is the complete code statement, where data.topUsersCount is an integer value:

con.query("SELECT userName, clicks FROM users ORDER BY clicks DESC LIMIT ?", [data.topUsersCount], (err, topUsersData) => {
    // Handle data
});

I also tried using the double placeholder "??" but it didn't work either.

Answer 1

Here's how you might handle this in your code:

if (Number.isInteger(data.topUsersCount)) {
  let queryString = "SELECT userName, clicks FROM users ORDER BY clicks DESC LIMIT " + data.topUsersCount;

  con.query(queryString, (err, topUsersData) => {
    // Handle data
  });
} else {
  // Handle error
  console.log("Invalid limit value");
}

In the above code, use Number.isInteger(data.topUsersCount) to check whether data.topUsersCount is a safe integer before incorporating it into the query string. This is critical to preventing SQL injection attacks.