Show
Table of Contents
InstallThis is a Node.js module available through the npm registry. Before installing, download and install Node.js. Node.js 0.6 or higher is required. Installation is done using the
For information about the previous 0.9.x releases, visit the v0.9 branch. Sometimes I may also ask you to install the latest version from Github to check if a bugfix is working. In this case, please do: $ npm install mysqljs/mysql IntroductionThis is a node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed. Here is an example on how to use it: var mysql = require('mysql'); var connection = mysql.createConnection({ host : 'localhost', user : 'me', password : 'secret', database : 'my_db' }); connection.connect(); connection.query('SELECT 1 + 1 AS solution', function (error, results, fields) { if (error) throw error; console.log('The solution is: ', results[0].solution); }); connection.end(); From this example, you can learn the following:
ContributorsThanks goes to the people who have contributed code to this module, see the GitHub Contributors page. Additionally I'd like to thank the following people:
SponsorsThe following companies have supported this project financially, allowing me to spend more time on it (ordered by time of contribution):
CommunityIf you'd like to discuss this module, or ask questions about it, please use one of the following:
Establishing connectionsThe recommended way to establish a connection is this: var mysql = require('mysql'); var connection = mysql.createConnection({ host : 'example.org', user : 'bob', password : 'secret' }); connection.connect(function(err) { if (err) { console.error('error connecting: ' + err.stack); return; } console.log('connected as id ' + connection.threadId); }); However, a connection can also be implicitly established by invoking a query: var mysql = require('mysql'); var connection = mysql.createConnection(...); connection.query('SELECT 1', function (error, results, fields) { if (error) throw error; // connected! }); Depending on how you like to handle your errors, either method may be appropriate. Any type of connection error (handshake or network) is considered a fatal error, see the Error Handling section for more information. Connection optionsWhen establishing a connection, you can set the following options:
In addition to passing these options as an object, you can also use a url string. For example: var connection = mysql.createConnection('mysql://user:pass@host/db?debug=true&charset=BIG5_CHINESE_CI&timezone=-0700'); Note: The query values are first attempted to be parsed as JSON, and if that fails assumed to be plaintext strings. SSL optionsThe
When connecting to other servers, you will need to provide an object with any of the following options:
Here is a simple example: var connection = mysql.createConnection({ host : 'localhost', ssl : { ca : fs.readFileSync(__dirname + '/mysql-ca.crt') } }); You can also connect to a MySQL server without properly providing the appropriate CA to trust. You should not do this. var connection = mysql.createConnection({ host : 'localhost', ssl : { // DO NOT DO THIS // set up your ca correctly to trust the connection rejectUnauthorized: false } }); Connection flagsIf, for any reason, you would like to change the default connection flags, you can use the connection option var connection = mysql.createConnection({ // disable FOUND_ROWS flag, enable IGNORE_SPACE flag flags: '-FOUND_ROWS,IGNORE_SPACE' }); The following flags are available:
Terminating connectionsThere are two ways to end a connection. Terminating a
connection gracefully is done by calling the connection.end(function(err) { // The connection is terminated now }); This will make sure all previously enqueued queries are still executed before sending a An alternative way to end the connection is to call the Unlike Pooling connectionsRather than creating and managing connections one-by-one, this module also
provides built-in connection pooling using Create a pool and use it directly: var mysql = require('mysql'); var pool = mysql.createPool({ connectionLimit : 10, host : 'example.org', user : 'bob', password : 'secret', database : 'my_db' }); pool.query('SELECT 1 + 1 AS solution', function (error, results, fields) { if (error) throw error; console.log('The solution is: ', results[0].solution); }); This is a shortcut for the var mysql = require('mysql'); var pool = mysql.createPool(...); pool.getConnection(function(err, connection) { if (err) throw err; // not connected! // Use the connection connection.query('SELECT something FROM sometable', function (error, results, fields) { // When done with the connection, release it. connection.release(); // Handle error after the release. if (error) throw error; // Don't use the connection here, it has been returned to the pool. }); }); If you would like to close the
connection and remove it from the pool, use Connections are lazily created by the pool. If you configure the pool to allow up to 100 connections, but only ever use 5 simultaneously, only 5 connections will be made. Connections are also cycled round-robin style, with connections being taken from the top of the pool and returning to the bottom. When a previous connection is retrieved from the pool, a ping packet is sent to the server to check if the connection is still good. Pool optionsPools accept all the same options as a connection. When creating a new connection, the options are simply passed to the connection constructor. In addition to those options pools accept a few extras:
Pool eventsacquireThe pool
will emit an pool.on('acquire', function (connection) { console.log('Connection %d acquired', connection.threadId); }); connectionThe pool will emit a pool.on('connection', function (connection) { connection.query('SET SESSION auto_increment_increment=1') }); enqueueThe pool will emit an pool.on('enqueue', function () { console.log('Waiting for available connection slot'); }); releaseThe pool will emit a pool.on('release', function (connection) { console.log('Connection %d released', connection.threadId); }); Closing all the connections in a poolWhen you are done using the pool, you have to end all the connections or the Node.js event loop will stay active until the connections are closed by the MySQL server. This is typically done if the pool is used in a script or when trying to gracefully shutdown a server. To end all the connections in the pool, use the pool.end(function (err) { // all connections in the pool have ended }); The Once
PoolClusterPoolCluster provides multiple hosts connection. (group & retry & selector) // create var poolCluster = mysql.createPoolCluster(); // add configurations (the config is a pool config object) poolCluster.add(config); // add configuration with automatic name poolCluster.add('MASTER', masterConfig); // add a named configuration poolCluster.add('SLAVE1', slave1Config); poolCluster.add('SLAVE2', slave2Config); // remove configurations poolCluster.remove('SLAVE2'); // By nodeId poolCluster.remove('SLAVE*'); // By target group : SLAVE1-2 // Target Group : ALL(anonymous, MASTER, SLAVE1-2), Selector : round-robin(default) poolCluster.getConnection(function (err, connection) {}); // Target Group : MASTER, Selector : round-robin poolCluster.getConnection('MASTER', function (err, connection) {}); // Target Group : SLAVE1-2, Selector : order // If can't connect to SLAVE1, return SLAVE2. (remove SLAVE1 in the cluster) poolCluster.on('remove', function (nodeId) { console.log('REMOVED NODE : ' + nodeId); // nodeId = SLAVE1 }); // A pattern can be passed with * as wildcard poolCluster.getConnection('SLAVE*', 'ORDER', function (err, connection) {}); // The pattern can also be a regular expression poolCluster.getConnection(/^SLAVE[12]$/, function (err, connection) {}); // of namespace : of(pattern, selector) poolCluster.of('*').getConnection(function (err, connection) {}); var pool = poolCluster.of('SLAVE*', 'RANDOM'); pool.getConnection(function (err, connection) {}); pool.getConnection(function (err, connection) {}); pool.query(function (error, results, fields) {}); // close all connections poolCluster.end(function (err) { // all connections in the pool cluster have ended }); PoolCluster options
var clusterConfig = { removeNodeErrorCount: 1, // Remove the node immediately when connection fails. defaultSelector: 'ORDER' }; var poolCluster = mysql.createPoolCluster(clusterConfig); Switching users and altering connection stateMySQL offers a changeUser command that allows you to alter the current user and other aspects of the connection without shutting down the underlying socket: connection.changeUser({user : 'john'}, function(err) { if (err) throw err; }); The available options for this feature are:
A sometimes useful side effect of this functionality is that this function also resets any connection state (variables, transactions, etc.). Errors encountered during this operation are treated as fatal connection errors by this module. Server disconnectsYou may lose the connection to a MySQL server due to network problems, the server timing you out, the server being restarted, or crashing. All of these events are
considered fatal errors, and will have the Re-connecting a connection is done by establishing a new connection. Once terminated, an existing connection object cannot be re-connected by design. With Pool, disconnected connections will be removed from the pool freeing up space for a new connection to be created on the next getConnection call. With PoolCluster, disconnected connections will count as errors against the related node, incrementing the error code for that node. Once there are more than Performing queriesThe most basic way to perform a query is to call the The simplest form of connection.query('SELECT * FROM `books` WHERE `author` = "David"', function (error, results, fields) { // error will be an Error if one occurred during the query // results will contain the results of the query // fields will contain information about the returned results fields (if any) }); The second form connection.query('SELECT * FROM `books` WHERE `author` = ?', ['David'], function (error, results, fields) { // error will be an Error if one occurred during the query // results will contain the results of the query // fields will contain information about the returned results fields (if any) }); The third form connection.query({ sql: 'SELECT * FROM `books` WHERE `author` = ?', timeout: 40000, // 40s values: ['David'] }, function (error, results, fields) { // error will be an Error if one occurred during the query // results will contain the results of the query // fields will contain information about the returned results fields (if any) }); Note that a combination of the second and third forms can be used where the placeholder values are passed as an argument and not in the options object. The connection.query({ sql: 'SELECT * FROM `books` WHERE `author` = ?', timeout: 40000, // 40s }, ['David'], function (error, results, fields) { // error will be an Error if one occurred during the query // results will contain the results of the query // fields will contain information about the returned results fields (if any) } ); If the query only has a single replacement character ( connection.query( 'SELECT * FROM `books` WHERE `author` = ?', 'David', function (error, results, fields) { // error will be an Error if one occurred during the query // results will contain the results of the query // fields will contain information about the returned results fields (if any) } ); Escaping query valuesCaution These methods of escaping values only works when the NO_BACKSLASH_ESCAPES SQL mode is disabled (which is the default state for MySQL servers). Caution This library performs client-side escaping, as this is a library to generate SQL strings on the client side. The syntax for functions
like In order to avoid SQL Injection attacks, you should always escape any user provided data before using it inside a SQL query. You can do so using the var userId = 'some user provided value'; var sql = 'SELECT * FROM users WHERE id = ' + connection.escape(userId); connection.query(sql, function (error, results, fields) { if (error) throw error; // ... }); Alternatively, you can use connection.query('SELECT * FROM users WHERE id = ?', [userId], function (error, results, fields) { if (error) throw error; // ... }); Multiple placeholders are mapped to values in
the same order as passed. For example, in the following query connection.query('UPDATE users SET foo = ?, bar = ?, baz = ? WHERE id = ?', ['a', 'b', 'c', userId], function (error, results, fields) { if (error) throw error; // ... }); This looks similar to prepared statements in MySQL, however it really
just uses the same Caution This also differs from prepared statements in that all Different value types are escaped differently, here is how:
This escaping allows you to do neat things like this: var post = {id: 1, title: 'Hello MySQL'}; var query = connection.query('INSERT INTO posts SET ?', post, function (error, results, fields) { if (error) throw error; // Neat! }); console.log(query.sql); // INSERT INTO posts SET `id` = 1, `title` = 'Hello MySQL' And the var CURRENT_TIMESTAMP = { toSqlString: function() { return 'CURRENT_TIMESTAMP()'; } }; var sql = mysql.format('UPDATE posts SET modified = ? WHERE id = ?', [CURRENT_TIMESTAMP, 42]); console.log(sql); // UPDATE posts SET modified = CURRENT_TIMESTAMP() WHERE id = 42 To generate objects with a Caution The string provided to var CURRENT_TIMESTAMP = mysql.raw('CURRENT_TIMESTAMP()'); var sql = mysql.format('UPDATE posts SET modified = ? WHERE id = ?', [CURRENT_TIMESTAMP, 42]); console.log(sql); // UPDATE posts SET modified = CURRENT_TIMESTAMP() WHERE id = 42 If you feel the need to escape queries by yourself, you can also use the escaping function directly: var query = "SELECT * FROM posts WHERE title=" + mysql.escape("Hello MySQL"); console.log(query); // SELECT * FROM posts WHERE title='Hello MySQL' Escaping query identifiersIf you can't trust an SQL identifier (database / table / column name) because it is provided by a user, you should escape it with var sorter = 'date'; var sql = 'SELECT * FROM posts ORDER BY ' + connection.escapeId(sorter); connection.query(sql, function (error, results, fields) { if (error) throw error; // ... }); It also supports adding qualified identifiers. It will escape both parts. var sorter = 'date'; var sql = 'SELECT * FROM posts ORDER BY ' + connection.escapeId('posts.' + sorter); // -> SELECT * FROM posts ORDER BY `posts`.`date` If you do not want to treat var sorter = 'date.2'; var sql = 'SELECT * FROM posts ORDER BY ' + connection.escapeId(sorter, true); // -> SELECT * FROM posts ORDER BY `date.2` Alternatively, you can use var userId = 1; var columns = ['username', 'email']; var query = connection.query('SELECT ?? FROM ?? WHERE id = ?', [columns, 'users', userId], function (error, results, fields) { if (error) throw error; // ... }); console.log(query.sql); // SELECT `username`, `email` FROM `users` WHERE id = 1 Please note that this last character sequence is experimental and syntax might change When you pass an Object to Preparing QueriesYou can use mysql.format to prepare a query with multiple insertion points, utilizing the proper escaping for ids and values. A simple example of this follows: var sql = "SELECT * FROM ?? WHERE ?? = ?"; var inserts = ['users', 'id', userId]; sql = mysql.format(sql, inserts); Following this you then have a valid, escaped query that you can then send to the database safely. This is useful if you are looking to prepare the query before actually sending it to the database. As mysql.format is exposed from SqlString.format you also have the option (but are not required) to pass in stringifyObject and timezone, allowing you provide a custom means of turning objects into strings, as well as a location-specific/timezone-aware Date. Custom formatIf you prefer to have another type of query escape format, there's a connection configuration option you can use to define a custom format function. You can access the connection object if you want to use the built-in Here's an example of how to implement another format: connection.config.queryFormat = function (query, values) { if (!values) return query; return query.replace(/\:(\w+)/g, function (txt, key) { if (values.hasOwnProperty(key)) { return this.escape(values[key]); } return txt; }.bind(this)); }; connection.query("UPDATE posts SET title = :title", { title: "Hello MySQL" }); Getting the id of an inserted rowIf you are inserting a row into a table with an auto increment primary key, you can retrieve the insert id like this: connection.query('INSERT INTO posts SET ?', {title: 'test'}, function (error, results, fields) { if (error) throw error; console.log(results.insertId); }); When dealing with big numbers (above JavaScript Number precision limit), you should consider enabling This option is also required when fetching big numbers from the database, otherwise you will get values rounded to hundreds or thousands due to the precision limit. Getting the number of affected rowsYou can get the number of affected rows from an insert, update or delete statement. connection.query('DELETE FROM posts WHERE title = "wrong"', function (error, results, fields) { if (error) throw error; console.log('deleted ' + results.affectedRows + ' rows'); }) Getting the number of changed rowsYou can get the number of changed rows from an update statement. "changedRows" differs from "affectedRows" in that it does not count updated rows whose values were not changed. connection.query('UPDATE posts SET ...', function (error, results, fields) { if (error) throw error; console.log('changed ' + results.changedRows + ' rows'); }) Getting the connection IDYou can get the MySQL connection ID ("thread ID") of a given connection using the connection.connect(function(err) { if (err) throw err; console.log('connected as id ' + connection.threadId); }); Executing queries in parallelThe MySQL protocol is sequential, this means that you need multiple connections to execute queries in parallel. You can use a Pool to manage connections, one simple approach is to create one connection per incoming http request. Streaming query rowsSometimes you may want to select large quantities of rows and process each of them as they are received. This can be done like this: var query = connection.query('SELECT * FROM posts'); query .on('error', function(err) { // Handle error, an 'end' event will be emitted after this as well }) .on('fields', function(fields) { // the field packets for the rows to follow }) .on('result', function(row) { // Pausing the connnection is useful if your processing involves I/O connection.pause(); processRow(row, function() { connection.resume(); }); }) .on('end', function() { // all rows have been received }); Please note a few things about the example above:
Additionally you may be interested to know that it is currently not possible to stream individual row columns, they will always be buffered up entirely. If you have a good use case for streaming large fields to and from MySQL, I'd love to get your thoughts and contributions on this. Piping results with StreamsThe query object provides a convenience method For example, piping query results into another stream (with a max buffer of 5 objects) is simply: connection.query('SELECT * FROM posts') .stream({highWaterMark: 5}) .pipe(...); Multiple statement queriesSupport for multiple statements is disabled for security reasons (it allows for SQL injection attacks if values are not properly escaped). To use this feature you have to enable it for your connection: var connection = mysql.createConnection({multipleStatements: true}); Once enabled, you can execute multiple statement queries like any other query: connection.query('SELECT 1; SELECT 2', function (error, results, fields) { if (error) throw error; // `results` is an array with one element for every statement in the query: console.log(results[0]); // [{1: 1}] console.log(results[1]); // [{2: 2}] }); Additionally you can also stream the results of multiple statement queries: var query = connection.query('SELECT 1; SELECT 2'); query .on('fields', function(fields, index) { // the fields for the result rows that follow }) .on('result', function(row, index) { // index refers to the statement this result belongs to (starts at 0) }); If one of the statements in your query causes an error, the resulting Error object contains a Please note that the interface for streaming multiple statement queries is experimental and I am looking forward to feedback on it. Stored proceduresYou can call stored procedures from your queries as with any other mysql driver. If the stored procedure produces several result sets, they are exposed to you the same way as the results for multiple statement queries. Joins with overlapping column namesWhen executing joins, you are likely to get result sets with overlapping column names. By default, node-mysql will overwrite colliding column names in the order the columns are received from MySQL, causing some of the received values to be unavailable. However, you can also specify that you want your columns to be nested below the table name like this: var options = {sql: '...', nestTables: true}; connection.query(options, function (error, results, fields) { if (error) throw error; /* results will be an array like this now: [{ table1: { fieldA: '...', fieldB: '...', }, table2: { fieldA: '...', fieldB: '...', }, }, ...] */ }); Or use a string separator to have your results merged. var options = {sql: '...', nestTables: '_'}; connection.query(options, function (error, results, fields) { if (error) throw error; /* results will be an array like this now: [{ table1_fieldA: '...', table1_fieldB: '...', table2_fieldA: '...', table2_fieldB: '...', }, ...] */ }); TransactionsSimple transaction support is available at the connection level: connection.beginTransaction(function(err) { if (err) { throw err; } connection.query('INSERT INTO posts SET title=?', title, function (error, results, fields) { if (error) { return connection.rollback(function() { throw error; }); } var log = 'Post ' + results.insertId + ' added'; connection.query('INSERT INTO log SET data=?', log, function (error, results, fields) { if (error) { return connection.rollback(function() { throw error; }); } connection.commit(function(err) { if (err) { return connection.rollback(function() { throw err; }); } console.log('success!'); }); }); }); }); Please note that beginTransaction(), commit() and rollback() are simply convenience functions that execute the START TRANSACTION, COMMIT, and ROLLBACK commands respectively. It is important to understand that many commands in MySQL can cause an implicit commit, as described in the MySQL documentation PingA ping packet can be sent over a connection using the connection.ping(function (err) { if (err) throw err; console.log('Server responded to ping'); }) TimeoutsEvery operation takes an optional inactivity timeout option. This allows you to specify appropriate timeouts for operations. It is important to note that these timeouts are not part of the MySQL protocol, and rather timeout operations through the client. This means that when a timeout is reached, the connection it occurred on will be destroyed and no further operations can be performed. // Kill query after 60s connection.query({sql: 'SELECT COUNT(*) AS count FROM big_table', timeout: 60000}, function (error, results, fields) { if (error && error.code === 'PROTOCOL_SEQUENCE_TIMEOUT') { throw new Error('too long to count table rows!'); } if (error) { throw error; } console.log(results[0].count + ' rows'); }); Error handlingThis module comes with a consistent approach to error handling that you should review carefully in order to write solid applications. Most errors created by this module are instances of the JavaScript Error object. Additionally they typically come with two extra properties:
Fatal errors are propagated to all pending callbacks. In the example below, a fatal error is triggered by trying to connect to a blocked port. Therefore the error object is propagated to both pending callbacks: var connection = require('mysql').createConnection({ port: 1 // example blocked port }); connection.connect(function(err) { console.log(err.code); // 'ECONNREFUSED' console.log(err.fatal); // true }); connection.query('SELECT 1', function (error, results, fields) { console.log(error.code); // 'ECONNREFUSED' console.log(error.fatal); // true }); Normal errors however are only delegated to the callback they belong to. So in the example below, only the first callback receives an error, the second query works as expected: connection.query('USE name_of_db_that_does_not_exist', function (error, results, fields) { console.log(error.code); // 'ER_BAD_DB_ERROR' }); connection.query('SELECT 1', function (error, results, fields) { console.log(error); // null console.log(results.length); // 1 }); Last but not least: If a fatal errors occurs and there are no pending callbacks, or a normal error occurs which has no callback belonging to it, the error is emitted as an connection.on('error', function(err) { console.log(err.code); // 'ER_BAD_DB_ERROR' }); connection.query('USE name_of_db_that_does_not_exist'); Note: tl;dr: This module does not want you to deal with silent failures. You should always provide callbacks to your method calls. If you want to ignore this advice and suppress unhandled errors, you can do this: // I am Chuck Norris: connection.on('error', function() {}); Exception SafetyThis module is exception safe. That means you can continue to use it, even if one of your callback functions throws an error which you're catching using 'uncaughtException' or a domain. Type castingFor your convenience, this driver will cast mysql types into native JavaScript types by default. The default behavior can be changed through various Connection options. The following mappings exist: Number
Date
Buffer
StringNote text in the binary character set is returned as
It is not recommended (and may go away / change in the future) to disable type casting, but you can currently do so on either the connection: var connection = require('mysql').createConnection({typeCast: false}); Or on the query level: var options = {sql: '...', typeCast: false}; var query = connection.query(options, function (error, results, fields) { if (error) throw error; // ... }); Custom type castingYou can also pass a function and handle type casting yourself. You're given some column information like database, table and name and also type and length. If you just want to apply a custom type casting to a specific type you can do it and then fallback to the default. The function is provided two arguments The
The When getting the field data, the following helper methods are present on the
The MySQL protocol is a text-based protocol. This means that over the wire, all field types are represented as a string, which is why only string-like functions are available on the Here's an example of converting connection = mysql.createConnection({ typeCast: function (field, next) { if (field.type === 'TINY' && field.length === 1) { return (field.string() === '1'); // 1 = true, 0 = false } else { return next(); } } }); WARNING: YOU MUST INVOKE the parser using one of these three field functions in your custom typeCast callback. They can only be called once. Debugging and reporting problemsIf you are running into problems, one thing that may help is enabling the var connection = mysql.createConnection({debug: true}); This will print all incoming and outgoing packets on stdout. You can also restrict debugging to packet types by passing an array of types to debug: var connection = mysql.createConnection({debug: ['ComQueryPacket', 'RowDataPacket']}); to restrict debugging to the query and data packets. If that does not help, feel free to open a GitHub issue. A good GitHub issue will have:
Security issuesSecurity issues should not be first reported through GitHub or another public forum, but kept private in order for the collaborators to assess the report and either (a) devise a fix and plan a release date or (b) assert that it is not a security issue (in which case it can be posted in a public forum, like a GitHub issue). The primary private forum is email, either by emailing the module's author or opening a GitHub issue simply asking to whom a security issues should be addressed to without disclosing the issue or type of issue. An ideal report would include a clear indication of what the security issue is and how it would be exploited, ideally with an accompanying proof of concept ("PoC") for collaborators to work against and validate potentional fixes against. ContributingThis project welcomes contributions from the community. Contributions are accepted using GitHub pull requests. If you're not familiar with making GitHub pull requests, please refer to the GitHub documentation "Creating a pull request". For a good pull request, we ask you provide the following:
Running testsThe test suite is split into two parts: unit tests and integration tests. The unit tests run on any machine while the integration tests require a MySQL server instance to be setup. Running unit testsRunning integration testsSet the environment variables For example, if you have an installation of mysql running on localhost:3306 and no password set for the $ mysql -u root -e "CREATE DATABASE IF NOT EXISTS node_mysql_test" $ MYSQL_HOST=localhost MYSQL_PORT=3306 MYSQL_DATABASE=node_mysql_test MYSQL_USER=root MYSQL_PASSWORD= FILTER=integration npm test Todo
|