# Install

`$ npm install mysql`

For information about the previous 0.9.x releases, visit the v0.9 branch.

Sometimes I may also ask you to install the latest version from GitHub to check if a bugfix is working. In this case, please do:

`$ npm install felixge/node-mysql`

# Introduction

This is a node.js driver for mysql. It is written in JavaScript, does not require compiling, and is 100% MIT licensed.

Here is an example of how to use it:

~~~
var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'me',
  password : 'secret',
  database : 'my_db'
});

connection.connect();

connection.query('SELECT 1 + 1 AS solution', function(err, rows, fields) {
  if (err) throw err;

  console.log('The solution is: ', rows[0].solution);
});

connection.end();
~~~

From this example, you can learn the following:

> Every method you invoke on a connection is queued and executed in sequence.

> Closing the connection is done using end() which makes sure all remaining queries are executed before sending a quit packet to the mysql server.

# Establishing connections

The recommended way to establish a connection is this:

~~~
var mysql      = require('mysql');
var connection = mysql.createConnection({
  host     : 'example.org',
  user     : 'bob',
  password : 'secret'
});

connection.connect(function(err) {
  if (err) {
    console.error('error connecting: ' + err.stack);
    return;
  }

  console.log('connected as id ' + connection.threadId);
});
~~~

However, a connection can also be implicitly established by invoking a query:

~~~
var mysql      = require('mysql');
var connection = mysql.createConnection(...);

connection.query('SELECT 1', function(err, rows) {
  // connected! (unless `err` is set)
});
~~~

Depending on how you like to handle your errors, either method may be appropriate. Any type of connection error (handshake or network) is considered a fatal error; see the Error Handling section for more information.

## Connection options

When establishing a connection, you can set the following options:

> host: The hostname of the database you are connecting to. (Default: localhost)

> port: The port number to connect to. (Default: 3306)

> localAddress: The source IP address to use for TCP connection. (Optional)

> user: The MySQL user to authenticate as.

> password: The password of that MySQL user.

> database: Name of the database to use for this connection (Optional).

> charset: The charset for the connection. This is called "collation" in the SQL-level of MySQL (like utf8_general_ci). If a SQL-level charset is specified (like utf8mb4) then the default collation for that charset is used. (Default: 'UTF8_GENERAL_CI')

> timezone: The timezone used to store local dates. (Default: 'local')

> connectTimeout: The milliseconds before a timeout occurs during the initial connection to the MySQL server. (Default: 10000)

In addition to passing these options as an object, you can also use a url string. For example:

~~~
var connection = mysql.createConnection('mysql://user:pass@host/db?debug=true&charset=BIG5_CHINESE_CI&timezone=-0700');
~~~

Note: The query values are first attempted to be parsed as JSON, and if that fails assumed to be plaintext strings.

# Pooling connections

Use pool directly.

~~~
var mysql = require('mysql');
var pool  = mysql.createPool({
  connectionLimit : 10,
  host            : 'example.org',
  user            : 'bob',
  password        : 'secret',
  database        : 'my_db'
});

pool.query('SELECT 1 + 1 AS solution', function(err, rows, fields) {
  if (err) throw err;

  console.log('The solution is: ', rows[0].solution);
});
~~~

Connections can be pooled to ease sharing a single connection, or managing multiple connections.

~~~
var mysql = require('mysql');
var pool  = mysql.createPool({
  host     : 'example.org',
  user     : 'bob',
  password : 'secret',
  database : 'my_db'
});

pool.getConnection(function(err, connection) {
  // connected! (unless `err` is set)
});
~~~

When you are done with a connection, just call connection.release() and the connection will return to the pool, ready to be used again by someone else.

~~~
var mysql = require('mysql');
var pool  = mysql.createPool(...);

pool.getConnection(function(err, connection) {
  // Use the connection
  connection.query( 'SELECT something FROM sometable', function(err, rows) {
    // And done with the connection.
    connection.release();

    // Don't use the connection here, it has been returned to the pool.
  });
});
~~~

If you would like to close the connection and remove it from the pool, use **connection.destroy()** instead. The pool will create a new connection the next time one is needed.

Connections are lazily created by the pool. If you configure the pool to allow up to 100 connections, but only ever use 5 simultaneously, only 5 connections will be made. Connections are also cycled round-robin style, with connections being taken from the top of the pool and returning to the bottom.

When a previous connection is retrieved from the pool, a ping packet is sent to the server to check if the connection is still good.

## Pool options

Pools accept all the same options as a connection. When creating a new connection, the options are simply passed to the connection constructor. In addition to those options pools accept a few extras:

> acquireTimeout: The milliseconds before a timeout occurs during the connection acquisition. This is slightly different from connectTimeout, because acquiring a pool connection does not always involve making a connection. (Default: 10000)

> waitForConnections: Determines the pool's action when no connections are available and the limit has been reached. If true, the pool will queue the connection request and call it when one becomes available. If false, the pool will immediately call back with an error. (Default: true)

> connectionLimit: The maximum number of connections to create at once. (Default: 10)

> queueLimit: The maximum number of connection requests the pool will queue before returning an error from getConnection. If set to 0, there is no limit to the number of queued connection requests. (Default: 0)

## Pool events

### connection

The pool will emit a connection event when a new connection is made within the pool. If you need to set session variables on the connection before it gets used, you can listen to the connection event.

~~~
pool.on('connection', function (connection) {
  connection.query('SET SESSION auto_increment_increment=1')
});
~~~

### enqueue

The pool will emit an enqueue event when a callback has been queued to wait for an available connection.

~~~
pool.on('enqueue', function () {
  console.log('Waiting for available connection slot');
});
~~~

## Closing all the connections in a pool

When you are done using the pool, you have to end all the connections or the Node.js event loop will stay active until the connections are closed by the MySQL server. This is typically done if the pool is used in a script or when trying to gracefully shutdown a server. To end all the connections in the pool, use the end method on the pool:

~~~
pool.end(function (err) {
  // all connections in the pool have ended
});
~~~

The end method takes an optional callback that you can use to know once all the connections have ended. The connections end gracefully, so all pending queries will still complete and the time to end the pool will vary.

Once pool.end() has been called, pool.getConnection and other operations can no longer be performed.

# Server disconnects

You may lose the connection to a MySQL server due to network problems, the server timing you out, the server being restarted, or crashing. All of these events are considered fatal errors, and will have the err.code = 'PROTOCOL_CONNECTION_LOST'. See the Error Handling section for more information.

Re-connecting a connection is done by establishing a new connection.
Once terminated, an existing connection object cannot be re-connected by design.

With Pool, disconnected connections will be removed from the pool freeing up space for a new connection to be created on the next getConnection call.

# Performing queries

The most basic way to perform a query is to call the .query() method on an object (like a Connection or Pool instance).

The simplest form of .query() is .query(sqlString, callback), where a SQL string is the first argument and the second is a callback:

~~~
connection.query('SELECT * FROM `books` WHERE `author` = "David"', function (error, results, fields) {
  // error will be an Error if one occurred during the query
  // results will contain the results of the query
  // fields will contain information about the returned results fields (if any)
});
~~~

The second form .query(sqlString, values, callback) comes when using placeholder values (see escaping query values):

~~~
connection.query('SELECT * FROM `books` WHERE `author` = ?', ['David'], function (error, results, fields) {
  // error will be an Error if one occurred during the query
  // results will contain the results of the query
  // fields will contain information about the returned results fields (if any)
});
~~~

The third form .query(options, callback) comes when using various advanced options on the query, like escaping query values, joins with overlapping column names, timeouts, and type casting.

~~~
connection.query({
  sql: 'SELECT * FROM `books` WHERE `author` = ?',
  timeout: 40000, // 40s
  values: ['David']
}, function (error, results, fields) {
  // error will be an Error if one occurred during the query
  // results will contain the results of the query
  // fields will contain information about the returned results fields (if any)
});
~~~

Note that a combination of the second and third forms can be used where the placeholder values are passed as an argument and not in the options object. The values argument will override the values in the option object.

~~~
connection.query({
    sql: 'SELECT * FROM `books` WHERE `author` = ?',
    timeout: 40000, // 40s
  },
  ['David'],
  function (error, results, fields) {
    // error will be an Error if one occurred during the query
    // results will contain the results of the query
    // fields will contain information about the returned results fields (if any)
  }
);
~~~

## Escaping query values

In order to avoid SQL Injection attacks, you should always escape any user provided data before using it inside a SQL query. You can do so using the mysql.escape(), connection.escape() or pool.escape() methods:

~~~
var userId = 'some user provided value';
var sql    = 'SELECT * FROM users WHERE id = ' + connection.escape(userId);
connection.query(sql, function(err, results) {
  // ...
});
~~~

Alternatively, you can use ? characters as placeholders for values you would like to have escaped like this:

~~~
connection.query('SELECT * FROM users WHERE id = ?', [userId], function(err, results) {
  // ...
});
~~~

Multiple placeholders are mapped to values in the same order as passed. For example, in the following query foo equals a, bar equals b, baz equals c, and id will be userId:

~~~
connection.query('UPDATE users SET foo = ?, bar = ?, baz = ? WHERE id = ?', ['a', 'b', 'c', userId], function(err, results) {
  // ...
});
~~~

This looks similar to prepared statements in MySQL, however it really just uses the same connection.escape() method internally.

**Caution** This also differs from prepared statements in that all ? are replaced, even those contained in comments and strings.

Different value types are escaped differently, here is how:

> Numbers are left untouched

> Booleans are converted to true / false

> Date objects are converted to 'YYYY-mm-dd HH:ii:ss' strings

> Buffers are converted to hex strings, e.g. X'0fa5'

> Strings are safely escaped

> Arrays are turned into a list, e.g. ['a', 'b'] turns into 'a', 'b'

> Nested arrays are turned into grouped lists (for bulk inserts), e.g. [['a', 'b'], ['c', 'd']] turns into ('a', 'b'), ('c', 'd')

> Objects are turned into key = 'val' pairs for each enumerable property on the object. If the property's value is a function, it is skipped; if the property's value is an object, toString() is called on it and the returned value is used.

> undefined / null are converted to NULL

> NaN / Infinity are left as-is. MySQL does not support these, and trying to insert them as values will trigger MySQL errors until they implement support.

If you paid attention, you may have noticed that this escaping allows you to do neat things like this:

~~~
var post  = {id: 1, title: 'Hello MySQL'};
var query = connection.query('INSERT INTO posts SET ?', post, function(err, result) {
  // Neat!
});
console.log(query.sql); // INSERT INTO posts SET `id` = 1, `title` = 'Hello MySQL'
~~~

If you feel the need to escape queries by yourself, you can also use the escaping function directly:

~~~
var query = "SELECT * FROM posts WHERE title=" + mysql.escape("Hello MySQL");

console.log(query); // SELECT * FROM posts WHERE title='Hello MySQL'
~~~

## Escaping query identifiers

If you can't trust an SQL identifier (database / table / column name) because it is provided by a user, you should escape it with mysql.escapeId(identifier), connection.escapeId(identifier) or pool.escapeId(identifier) like this:

~~~
var sorter = 'date';
var sql    = 'SELECT * FROM posts ORDER BY ' + connection.escapeId(sorter);
connection.query(sql, function(err, results) {
  // ...
});
~~~

It also supports adding qualified identifiers. It will escape both parts.

~~~
var sorter = 'date';
var sql    = 'SELECT * FROM posts ORDER BY ' + connection.escapeId('posts.' + sorter);
connection.query(sql, function(err, results) {
  // ...
});
~~~

Alternatively, you can use ?? characters as placeholders for identifiers you would like to have escaped like this:

~~~
var userId = 1;
var columns = ['username', 'email'];
var query = connection.query('SELECT ?? FROM ?? WHERE id = ?', [columns, 'users', userId], function(err, results) {
  // ...
});

console.log(query.sql); // SELECT `username`, `email` FROM `users` WHERE id = 1
~~~

Please note that this last character sequence is experimental and syntax might change.

When you pass an Object to .escape() or .query(), .escapeId() is used to avoid SQL injection in object keys.

## Preparing Queries

You can use mysql.format to prepare a query with multiple insertion points, utilizing the proper escaping for ids and values. A simple example of this follows:

~~~
var sql = "SELECT * FROM ?? WHERE ?? = ?";
var inserts = ['users', 'id', userId];
sql = mysql.format(sql, inserts);
~~~

Following this you then have a valid, escaped query that you can then send to the database safely. This is useful if you are looking to prepare the query before actually sending it to the database. As mysql.format is exposed from SqlString.format you also have the option (but are not required) to pass in stringifyObject and timezone, allowing you to provide a custom means of turning objects into strings, as well as a location-specific/timezone-aware Date.

## Custom format

If you prefer to have another type of query escape format, there's a connection configuration option you can use to define a custom format function. You can access the connection object if you want to use the built-in .escape() or any other connection function.
Here's an example of how to implement another format:

~~~
connection.config.queryFormat = function (query, values) {
  if (!values) return query;
  return query.replace(/\:(\w+)/g, function (txt, key) {
    if (values.hasOwnProperty(key)) {
      return this.escape(values[key]);
    }
    return txt;
  }.bind(this));
};

connection.query("UPDATE posts SET title = :title", { title: "Hello MySQL" });
~~~

## Getting the id of an inserted row

If you are inserting a row into a table with an auto increment primary key, you can retrieve the insert id like this:

~~~
connection.query('INSERT INTO posts SET ?', {title: 'test'}, function(err, result) {
  if (err) throw err;

  console.log(result.insertId);
});
~~~

When dealing with big numbers (above JavaScript Number precision limit), you should consider enabling the supportBigNumbers option to be able to read the insert id as a string, otherwise it will throw an error.

This option is also required when fetching big numbers from the database, otherwise you will get values rounded to hundreds or thousands due to the precision limit.

## Getting the number of affected rows

You can get the number of affected rows from an insert, update or delete statement.

~~~
connection.query('DELETE FROM posts WHERE title = "wrong"', function (err, result) {
  if (err) throw err;

  console.log('deleted ' + result.affectedRows + ' rows');
})
~~~

## Getting the number of changed rows

You can get the number of changed rows from an update statement.

"changedRows" differs from "affectedRows" in that it does not count updated rows whose values were not changed.

~~~
connection.query('UPDATE posts SET ...', function (err, result) {
  if (err) throw err;

  console.log('changed ' + result.changedRows + ' rows');
})
~~~

## Getting the connection ID

You can get the MySQL connection ID ("thread ID") of a given connection using the threadId property.

~~~
connection.connect(function(err) {
  if (err) throw err;
  console.log('connected as id ' + connection.threadId);
});
~~~

## Executing queries in parallel

The MySQL protocol is sequential, which means that you need multiple connections to execute queries in parallel. You can use a Pool to manage connections; one simple approach is to create one connection per incoming http request.

## Streaming query rows

Sometimes you may want to select large quantities of rows and process each of them as they are received. This can be done like this:

~~~
var query = connection.query('SELECT * FROM posts');
query
  .on('error', function(err) {
    // Handle error, an 'end' event will be emitted after this as well
  })
  .on('fields', function(fields) {
    // the field packets for the rows to follow
  })
  .on('result', function(row) {
    // Pausing the connection is useful if your processing involves I/O
    connection.pause();

    processRow(row, function() {
      connection.resume();
    });
  })
  .on('end', function() {
    // all rows have been received
  });
~~~

Please note a few things about the example above:

> Usually you will want to receive a certain amount of rows before starting to throttle the connection using pause(). This number will depend on the amount and size of your rows.

> pause() / resume() operate on the underlying socket and parser. You are guaranteed that no more 'result' events will fire after calling pause().

> You MUST NOT provide a callback to the query() method when streaming rows.

> The 'result' event will fire for both rows as well as OK packets confirming the success of an INSERT/UPDATE query.

> It is very important not to leave the result paused too long, or you may encounter Error: Connection lost: The server closed the connection. The time limit for this is determined by the net_write_timeout setting on your MySQL server.

Additionally you may be interested to know that it is currently not possible to stream individual row columns, they will always be buffered up entirely.
If you have a good use case for streaming large fields to and from MySQL, I'd love to get your thoughts and contributions on this.

## Piping results with Streams2

The query object provides a convenience method .stream([options]) that wraps query events into a Readable Streams2 object. This stream can easily be piped downstream and provides automatic pause/resume, based on downstream congestion and the optional highWaterMark. The objectMode parameter of the stream is set to true and cannot be changed (if you need a byte stream, you will need to use a transform stream, like objstream for example).

For example, piping query results into another stream (with a max buffer of 5 objects) is simply:

~~~
connection.query('SELECT * FROM posts')
  .stream({highWaterMark: 5})
  .pipe(...);
~~~

## Multiple statement queries

Support for multiple statements is disabled for security reasons (it allows for SQL injection attacks if values are not properly escaped). To use this feature you have to enable it for your connection:

~~~
var connection = mysql.createConnection({multipleStatements: true});
~~~

Once enabled, you can execute multiple statement queries like any other query:

~~~
connection.query('SELECT 1; SELECT 2', function(err, results) {
  if (err) throw err;

  // `results` is an array with one element for every statement in the query:
  console.log(results[0]); // [{1: 1}]
  console.log(results[1]); // [{2: 2}]
});
~~~

Additionally you can also stream the results of multiple statement queries:

~~~
var query = connection.query('SELECT 1; SELECT 2');

query
  .on('fields', function(fields, index) {
    // the fields for the result rows that follow
  })
  .on('result', function(row, index) {
    // index refers to the statement this result belongs to (starts at 0)
  });
~~~

If one of the statements in your query causes an error, the resulting Error object contains an err.index property which tells you which statement caused it. MySQL will also stop executing any remaining statements when an error occurs.

Please note that the interface for streaming multiple statement queries is experimental and I am looking forward to feedback on it.
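
Because `?` values are expanded according to their JavaScript type (an array becomes a list, an object becomes `key = 'val'` pairs), a value parsed from JSON can put more than one SQL value into a single `?`, and with `multipleStatements` enabled an escaping mistake costs more. The guard below is an added example, not part of node-mysql: `checkPlaceholders()`, `rejection()`, the identifier allow-list and the left-to-right `/\?\??/g` matching are assumptions of this example, and the inputs are constructed.

```javascript
'use strict';

// Added example: validate placeholder values before calling .query().
// checkPlaceholders() and its allow-list parameter are hypothetical helpers,
// not part of the mysql module.

// A `?` slot must receive exactly one SQL value. Arrays and plain objects are
// rejected because the driver expands them into lists / `key` = 'val' pairs.
function isScalar(v) {
  if (v === null || v === undefined) return true;        // becomes NULL
  if (typeof v === 'string' || typeof v === 'boolean') return true;
  if (typeof v === 'number') return Number.isFinite(v);  // NaN / Infinity trigger MySQL errors
  return v instanceof Date || Buffer.isBuffer(v);
}

function checkPlaceholders(sql, values, allowedIds) {
  // Assumption: placeholders are matched left to right, `??` before `?`,
  // and every `?` counts, including ones inside comments and string literals.
  var slots = sql.match(/\?\??/g) || [];
  if (slots.length !== values.length) {
    throw new Error('expected ' + slots.length + ' values, got ' + values.length);
  }
  slots.forEach(function (slot, i) {
    var v = values[i];
    if (slot === '??') {
      // Identifier slot: a string or an array of strings, each on the allow-list.
      [].concat(v).forEach(function (id) {
        if (typeof id !== 'string' || allowedIds.indexOf(id) === -1) {
          throw new TypeError('identifier #' + i + ' is not allow-listed');
        }
      });
    } else if (!isScalar(v)) {
      throw new TypeError('value #' + i + ' must be a scalar, got ' +
        (Array.isArray(v) ? 'array' : typeof v));
    }
  });
  return values;
}

// Returns null when the values are accepted, otherwise the rejection message.
function rejection(sql, values, allowedIds) {
  try {
    checkPlaceholders(sql, values, allowedIds || []);
    return null;
  } catch (e) {
    return e.message;
  }
}

// Constructed inputs, as they might arrive from a parsed JSON request body.
var sql = 'SELECT ?? FROM ?? WHERE id = ?';
var ids = ['users', 'username', 'email'];
console.log(rejection(sql, [['username', 'email'], 'users', 7], ids));
console.log(rejection(sql, [['username', 'password'], 'users', 7], ids));
console.log(rejection(sql, [['username'], 'users', { id: 1 }], ids));
console.log(rejection("SELECT '?' AS mark, name FROM users WHERE id = ?", [7]));
```

Call `checkPlaceholders(sql, values, allowedIds)` first and pass its return value as the `values` argument of `.query()`; the quoted `'?'` in the last input is counted because the driver replaces it as well.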