Escape Single Quote In Postgres Query Inside Node Js App

Here is a line from my node js code: var qry = 'INSERT INTO 'sma'.'RMD'('UserId','Favourite') VALUES (' + req.body.user + ',' + JSON.stringify(req.body.favourite) + ')' I want to

Solution 1:

Why don't you use prepared statements?

var qry = 'INSERTINTO"sma"."RMD"("UserId","Favourite")  VALUES ($1, $2)';
client.query(qry, [ req.body.user, JSON.stringify(req.body.favourite])'

Solution 2:

You could also use template literals to build your query

Template literals which use the back-tick character Check main answer here

alert(`Use "double"and'single' quotes in the same string`);
alert(`The escape the \` back-tick character in a string`);

Template literals offer a clean syntax for: variable interpolation, multi-line strings, and more.