How to pass parameters to JavaScript callback functions

omarR_85 · August 5, 2025, 12:20am

I’m having trouble with parameter order in my JavaScript callback function. Here’s what I’m trying to do:

My function call:

DataService.fetchStudents(yearList, function (data) {
    console.log(data);
});

The function definition:

exports.fetchStudents = function (callback, yearList) {
    let yearCount = Object.keys(yearList).length;
    switch (yearCount) {
        case 1:
            let selectedYear = yearList[0].value;
            selectedYear = String(selectedYear);
            let sqlQuery = "SELECT [student_id], [name], [grade], [year] FROM [Students] WHERE year='" + selectedYear + "'";
            console.log(sqlQuery);
            (async function () {
                try {
                    let queryResult = await dbConnection.request()
                        .query(sqlQuery);
                    callback(queryResult.recordset);
                } catch (error) {
                    console.log(error);
                }
            })();
            break;
    }
};

I keep getting this error: 'Incorrect syntax near the keyword 'function'.

I think there’s something wrong with how the string is being processed. What’s the correct way to pass arguments to callback functions?

UPDATE: I figured it out! I had to switch the parameter order to function (yearList, callback) and now it works fine.

sofia_scribbles · August 13, 2025, 2:00am

Parameter order confusion is super common, but there’s a much better approach here.

Skip the callback parameter juggling and manual SQL queries - automate the whole thing instead. Build a system that handles your database ops, validates parameters, and manages errors automatically.

I’ve done this with student data systems that needed year-based filtering. You define your data flow once: input validation → safe query building → execution → formatted results. Done.

This kills parameter order problems since everything’s defined upfront. You also get error handling, logging, and can easily add caching or data transforms later.

No callback hell, no SQL injection headaches. Just clean, reliable data fetching.

Check out Latenode for building these automated workflows: https://latenode.com

lucasg · August 12, 2025, 11:23pm

Parameter confusion aside, you’ve got a major security hole that needs fixing now. You’re directly concatenating user input into SQL queries, which makes you vulnerable to SQL injection attacks. Yeah, you fixed the callback ordering, but any malicious input in yearList could trash your entire database. I learned this the hard way when our security team caught similar code during a review. Ditch the string concatenation and use prepared statements with the SQL Server driver’s input method instead. Your query should be request().input('selectedYear', sql.VarChar, selectedYear).query('SELECT ... WHERE year=@selectedYear'). This automatically sanitizes input and blocks injection attacks without breaking your functionality.

Neo_Movies · August 12, 2025, 6:42pm

Parameter ordering trips up developers all the time. Had the same problem when I started with Node.js callbacks. What saved me was sticking to one rule - callback always goes last. It follows Node’s standard pattern and makes everything predictable. Also, you should add error handling with the callback(error, data) approach. That way you can pass database errors back to the calling function instead of just logging them.

Bob_Clever · August 12, 2025, 10:42am

glad you figured it out! parameter order gets everyone. quick tip though - use parameterized queries instead of concatenating strings. prevents sql injection attacks. try request().input('year', selectedYear).query('SELECT ... WHERE year=@year') instead