Didn’t the front-end page obtain what the user selected and send the content selected by the user to the backend? The backend would know what the user selected and then assemble the sql. This may cause sql injection problems. You can judge Is the value passed down legal?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
https://github.com/hongliuliao/yuetu-orm/blob/master/src/com/finallygo...
Refer to this getSelectSql method, obj is an object composed of all query conditions
Didn’t the front-end page obtain what the user selected and send the content selected by the user to the backend? The backend would know what the user selected and then assemble the sql. This may cause sql injection problems. You can judge Is the value passed down legal?
Tell the truth! This function may not be as simple as directly querying with sql. You have simplified the problem