|
|
@@ -107,18 +107,23 @@ client.findById=async function(cid,attributes){
|
|
|
|
|
|
var staffDetail=[];
|
|
|
|
|
|
- var tblName1 = 'CLD_client_staff', tblName2='CLD_staff';
|
|
|
var cid = '20160923 AND 1=1;-- hack';
|
|
|
- var sqlQuery = 'SELECT b.* FROM ${tblName1} as a left join ${tblName2} as b on (a.sid=b.sid) where a.cid=$cid';
|
|
|
+ var sqlQuery = 'SELECT b.* FROM CLD_client_staff as a left join CLD_staff as b on (a.sid=b.sid) where a.cid=?';
|
|
|
|
|
|
- await this.sequelize.query(sqlQuery,
|
|
|
- type: sequelize.QueryTypes.SELECT,
|
|
|
- bind: {
|
|
|
- cid: cid
|
|
|
- }
|
|
|
- ).spread((results, metadata) => {
|
|
|
- staffDetail=results[0];
|
|
|
- });
|
|
|
+ sequelize.query(sqlQuery,
|
|
|
+ { replacements: [cid], type: sequelize.QueryTypes.SELECT }
|
|
|
+ ).then(function(projects) {
|
|
|
+ console.log(projects)
|
|
|
+ })
|
|
|
+
|
|
|
+// await this.sequelize.query(sqlQuery,
|
|
|
+// type: sequelize.QueryTypes.SELECT,
|
|
|
+// bind: {
|
|
|
+// cid: cid
|
|
|
+// }
|
|
|
+// ).spread((results, metadata) => {
|
|
|
+// staffDetail=results[0];
|
|
|
+// });
|
|
|
|
|
|
|
|
|
|
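Review bot: The new `sequelize.query(...)` call is neither awaited nor returned, and its `.then` callback only logs the rows, so `staffDetail` stays `[]` and a rejected query has no handler; the removed code assigned the result to `staffDetail`. Assuming the rest of `findById` (its body continues outside this hunk) still reads that variable, keep the await and the assignment: `staffDetail = await sequelize.query(sqlQuery, { replacements: [cid], type: sequelize.QueryTypes.SELECT });`. The unchanged line `var cid = '20160923 AND 1=1;-- hack';` appears to overwrite the caller's `cid` argument with a test string, so every call would look up the same literal; it should be removed before merge, along with `console.log(projects)`, which writes staff rows to the log, and the commented-out old query. The switch to a `?` placeholder is the right fix, and a short comment above the query would record why: `// cid is passed via replacements (escaped by Sequelize), never concatenated into the SQL text`.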