The front end passes an array of parameters [mobile phone number, column name to be modified, value of column name to be modified]. How to write this SQL?

[problem description]: when the front end uses Vue.js, to modify user information, some modules have common components;
when the user enters a module (figure 2), click the Save button to update the database;

the backend uses the same SQL (update table name set column name = new value where mobile = a user)
but this [column name, new value, user] are all parameters passed by the front end.
the personal SQL is written as: UPDATE user SET? =? WHERE mobile=?
but asked a colleague, and he said there was a risk of injection
[question]: so how do I write this SQL??

Mysql node.js vue.js

Mar.23,2021

non-backend, to put it simply, tap wrong:

handwritten SQL, should pay attention to Filter sensitive fields and prevent SQL injection and preventive measures ;

what I really want to say is: TMD, is not a back-end job? (funny)

do you mean that the backend prevents injection when writing update tables? That is, try not to use concatenated mysql statements to query, if you want, also do a regular judgment, this according to your needs to write.
it is best to use the ORM framework to manipulate the database.

Previous: How to get the duration and size of audio url based on java

Next: How does vue use router to jump to the page in the click event of methods?

When vue jumps to a page, how do I get the data sent from the backend?
[problem description]: the individual uses vue+axios+node+mysql for development, uses vue as the front end, and node as the server end to connect to MySQL [question]: how to obtain the back-end data required for this page when jumping to a route through...

Mysql node.js vue.js

Mar.20,2021