Javascript Sequelize Where 语句与日期
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/29798357/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sequelize Where statement with date
提问by Marc Rasmussen
I am using sequelize as my backend ORM. Now i wish to do some where operations on a Date.
我使用 sequelize 作为我的后端 ORM。现在我想在日期上做一些 where 操作。
More Speceficly i want to get all data where a date is from now and 7 days back.
更具体地说,我想获取从现在到 7 天后日期的所有数据。
The problem is that the documentation does not specify which operations you can do on Datatypes.DATE
问题是文档没有指定您可以执行哪些操作 Datatypes.DATE
Can anyone point me in the right direction?
任何人都可以指出我正确的方向吗?
回答by Evan Siroky
Just like Molda says, you can use $gt, $lt, $gteor $ltewith a date:
就像 Molda 所说,您可以使用$gt, $lt,$gte或$lte日期:
model.findAll({
where: {
start_datetime: {
$gte: moment().subtract(7, 'days').toDate()
}
}
})
If you're using v5 of Sequelize, you've to include Opbecause the key was moved into Symbol
如果您使用的是 Sequelize 的 v5,则必须包含,Op因为密钥已移入Symbol
const { Op } = require('sequelize')
model.findAll({
where: {
start_datetime: {
[Op.gte]: moment().subtract(7, 'days').toDate()
}
}
})
See more sequelize documentation here
回答by James Graham
I had to import the Operators symbols from sequelize and use like so.
我不得不从 sequelize 导入 Operators 符号并像这样使用。
const { Op } = require('sequelize')
model.findAll({
where: {
start_datetime: {
[Op.gte]: moment().subtract(7, 'days').toDate()
}
}
})
According to the docs, for security reasons this is considered best practise.
根据文档,出于安全原因,这被认为是最佳做法。
See http://docs.sequelizejs.com/manual/tutorial/querying.htmlfor more info.
有关更多信息,请参阅http://docs.sequelizejs.com/manual/tutorial/querying.html。
Using Sequelize without any aliases improves security. Some frameworks automatically parse user input into js objects and if you fail to sanitize your input it might be possible to inject an Object with string operators to Sequelize.
(...)
For better security it is highly advised to use Sequelize.Op and not depend on any string alias at all. You can limit alias your application will need by setting operatorsAliases option, remember to sanitize user input especially when you are directly passing them to Sequelize methods.
使用没有任何别名的 Sequelize 可以提高安全性。一些框架会自动将用户输入解析为 js 对象,如果您未能清理输入,则可能会注入带有字符串运算符的对象以进行 Sequelize。
(……)
为了更好的安全性,强烈建议使用 Sequelize.Op 而完全不依赖任何字符串别名。您可以通过设置 operatorsAliases 选项来限制您的应用程序需要的别名,请记住清理用户输入,尤其是当您直接将它们传递给 Sequelize 方法时。
回答by marcopeg
You can also use Sequelize.literal()to perform dates manipulation in SQL.
您还可以使用Sequelize.literal()在 SQL 中执行日期操作。
The following code works with Postgres, but I'm quite sure something similar could be done in other systems as well:
以下代码适用于 Postgres,但我很确定在其他系统中也可以执行类似的操作:
model.findAll({
where: {
start_datetime: {
$gte: Sequelize.literal('NOW() - INTERVAL "7d"'),
}
}
})
