The front end passes an array of parameters [mobile phone number, column name to be modified, value of column name to be modified]. How to write this SQL?

[problem description]: when the front end uses Vue.js, to modify user information, some modules have common components;
when the user enters a module (figure 2), click the Save button to update the database;

clipboard.png

clipboard.png

the backend uses the same SQL (update table name set column name = new value where mobile = a user)
but this [column name, new value, user] are all parameters passed by the front end.
the personal SQL is written as: UPDATE user SET? =? WHERE mobile=?
but asked a colleague, and he said there was a risk of injection
[question]: so how do I write this SQL??

Mysql node.js vue.js
Mar.23,2021

non-backend, to put it simply, tap wrong:

handwritten SQL, should pay attention to Filter sensitive fields and prevent SQL injection and preventive measures ;

what I really want to say is: TMD, is not a back-end job? (funny)

do you mean that the backend prevents injection when writing update tables? That is, try not to use concatenated mysql statements to query, if you want, also do a regular judgment, this according to your needs to write.
it is best to use the ORM framework to manipulate the database.

Previous: How to get the duration and size of audio url based on java

Next: How does vue use router to jump to the page in the click event of methods?

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b379db-2c09f.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b379db-2c09f.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?