SQL Placeholder

Overview

The SQL Placeholder node is designed to help users safely construct SQL queries with dynamic values. It takes a SQL query string containing placeholders (e.g., ?) and a set of values, then outputs the final SQL statement with those values properly formatted and injected. This approach helps prevent SQL injection and ensures correct data types in queries.

Common scenarios:

• Dynamically building parameterized SQL queries for use in subsequent database nodes.
• Safely substituting user input or workflow data into SQL statements.
• Preparing queries for logging, debugging, or sending to external systems.

Practical example:
Suppose you want to select a user by ID and status:

• SQL: SELECT * FROM users WHERE id = ? AND active = ?
• Values: [123, true]
  The node will output the fully formatted SQL: SELECT * FROM users WHERE id = 123 AND active = true

Properties

Name	Type	Meaning
Sql	String	The SQL query template with ? placeholders where values should be inserted.
Values to Set	Collection	A list of values to substitute into the SQL query's placeholders, each with a type.
└ Value	Object	Each value entry includes:
Type	Options	The data type of the value (String, Number, or Boolean).
Value	String	The actual value to insert, interpreted according to the selected type.

Output

The node outputs an array of items, each with the following structure in the json field:

{
  "sql": "<formatted SQL string>",
  "values": [/* array of values used in formatting */]
}

• sql: The final SQL query string with all placeholders replaced by the provided values, properly escaped and formatted.
• values: An array of the values that were substituted into the query, in order.

Dependencies

• mysql npm package (used internally for SQL formatting).
• No external services or API keys required.
• No special n8n configuration or environment variables needed.

Troubleshooting

Common issues:

• Mismatched placeholders and values: If the number of ? placeholders in the SQL does not match the number of provided values, the output SQL may be invalid or throw errors in downstream nodes.
• Incorrect value types: Supplying a value that cannot be converted to the specified type (e.g., non-numeric string for a Number) may result in NaN or unexpected results.
• Boolean conversion: Only the string "true" (case-sensitive) is treated as boolean true; all other values become false.

Error messages:

• Errors are unlikely at this node unless there is a problem with the input data structure. Downstream database nodes may throw errors if the output SQL is malformed.

How to resolve:

• Double-check that the number of values matches the number of ? in your SQL.
• Ensure each value matches its declared type.
• Use only "true" or "false" strings for Boolean values.

Links and References

• Node.js mysql.format documentation
• n8n Documentation: Custom Nodes
• OWASP: SQL Injection Prevention Cheat Sheet