knex: Using .raw with an escaped question mark ('\\?') produce a syntax error

Environment

Knex version: 0.16.3 Database + version: mysql Ver 14.14 Distrib 5.7.25, for Linux (x86_64) using EditLine wrapper OS: Debian buster

Bug

  1. Explain what kind of behaviour you are getting and how you think it should do

Using .raw with an escaped question mark ('\\?') and other methods (limit, where, …), database server returns a syntax error

  1. Error message
Unhandled rejection Error: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
    at Query.Sequence._packetToError (/home/urungi/urungi/node_modules/mysql/lib/protocol/sequences/Sequence.js:47:14)
    at Query.ErrorPacket (/home/urungi/urungi/node_modules/mysql/lib/protocol/sequences/Query.js:77:18)
    at Protocol._parsePacket (/home/urungi/urungi/node_modules/mysql/lib/protocol/Protocol.js:278:23)
    at Parser.write (/home/urungi/urungi/node_modules/mysql/lib/protocol/Parser.js:76:12)
    at Protocol.write (/home/urungi/urungi/node_modules/mysql/lib/protocol/Protocol.js:38:16)
    at Socket.<anonymous> (/home/urungi/urungi/node_modules/mysql/lib/Connection.js:91:28)
    at Socket.<anonymous> (/home/urungi/urungi/node_modules/mysql/lib/Connection.js:502:10)
    at emitOne (events.js:116:13)
    at Socket.emit (events.js:211:7)
    at addChunk (_stream_readable.js:263:12)
    at readableAddChunk (_stream_readable.js:250:11)
    at Socket.Readable.push (_stream_readable.js:208:10)
    at TCP.onread (net.js:607:20)
    --------------------
    at Protocol._enqueue (/home/urungi/urungi/node_modules/mysql/lib/protocol/Protocol.js:144:48)
    at Connection.query (/home/urungi/urungi/node_modules/mysql/lib/Connection.js:200:25)
    at /home/urungi/urungi/node_modules/knex/lib/dialects/mysql/index.js:144:18
    at Promise._execute (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/debuggability.js:313:9)
    at Promise._resolveFromExecutor (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/promise.js:483:18)
    at new Promise (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/promise.js:79:10)
    at Client_MySQL._query (/home/urungi/urungi/node_modules/knex/lib/dialects/mysql/index.js:135:12)
    at Client_MySQL.query (/home/urungi/urungi/node_modules/knex/lib/client.js:192:17)
    at Runner.<anonymous> (/home/urungi/urungi/node_modules/knex/lib/runner.js:138:36)
    at Runner.tryCatcher (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/util.js:16:23)
    at Runner.query (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/method.js:15:34)
    at /home/urungi/urungi/node_modules/knex/lib/runner.js:47:21
    at tryCatcher (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/util.js:16:23)
    at /home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/using.js:185:26
    at tryCatcher (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/home/urungi/urungi/node_modules/knex/node_modules/bluebird/js/release/promise.js:512:31)
  1. Reduced test code
const knex = require('knex')({
    client: 'mysql',
    connection: {
        host: '127.0.0.1',
        user: 'user',
        password: 'user',
        database: 'koha'
    }
});

const qb = knex('borrowers')
    .select(knex.raw('CONCAT(??, "\\?")', 'borrowernumber'))
    .limit(1);

console.log(qb.toString());
// select CONCAT(`borrowernumber`, "?") from `borrowers` limit 1
// This query, if executed manually in mysql client, is valid and returns results

qb.then(result => {
    console.log(result);  // This is never executed
});

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Comments: 17 (4 by maintainers)

Most upvoted comments

I tried with \? and it’s working by now.

Ticket can be close.

+5
Martindelataille on Mar 1, 2022

knex.raw() seems to be replacing question marks within strings. e.g. knex.raw("INSERT INTO foo (bar) VALUES ('hello ?');" gets inserted with hello $25. I was trying to use knex-migrate-sql-file to do some bulk INSERTs from a pg_dump file and everything blew up with corrupted data.

Is there anyway to achieve a truly raw query with knex? I’m looking for a work around other than accessing knex.client.

+5
wholebuzz on Apr 12, 2021

This issue occurred in knex v2.0.0 and Oracle 12.1c db.whereRaw(`REGEXP_LIKE(“column1”, ‘^[±]\\?\\d*\.\\?\\d+([eE][±]\\?\\d+)\\?$’)`) the original regex is ^[+-]?\d*\.?\d+([eE][+-]?\d+)?$
I checked the v$sql in oracle, even though I escaped ? as \\?, knex translates all question marks into parameter binding any advise would be appreciated

+3
iyuiasd7 on Jun 2, 2022

I created PR https://github.com/ozum/knex-migrate-sql-file/pull/4 to escape question marks in SQL file. Any suggestions appreciated. Works better than it did for me, but I worry there’s more edge cases to trip over in the future.

+2
wholebuzz on Apr 12, 2021

\\u003F solved my problems : )

+1
675076143 on Jun 9, 2023

This issue is still persisting. Attempting to use raw transactions to update URLs in a MySQL database. Any updates on this bug?

+1
julianwagle on May 10, 2023

Shouldn’t it be '\\?' rather than "\\?" ? Not too keen on mysql syntax… But using Postgres the example above works just fine (after replacing " with ’ ofc)

+1
wubzz on Mar 18, 2019
Read more comments on GitHub
← knex: Update operations do not support joins
knex: Why can't I do knex migrate:latest using Docker-Composer? →