Prueba esto:
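// Build the optional-filter query with bound parameters instead of string
// concatenation: user-supplied values go into `params` and the SQL text only
// ever contains `?` placeholders, so input cannot change the query structure.
// (The original emitted e.g. `category=category` — comparing the column to
// itself, which is always true — and never actually used the input value.)
//
// NOTE(review): `?` placeholders with db.query(sql, params, callback) are the
// node-mysql convention; a driver such as node-postgres expects `$1`, `$2`, ...
function buildFilterQuery(filters) {
  // filters: ordered [column, value] pairs. Column names come from the fixed
  // list below, never from the request. A falsy value means "not supplied" —
  // the same truthiness test the original used for "present in userinput".
  const clauses = [];
  const params = [];
  for (const [column, value] of filters) {
    if (value) {
      clauses.push(`${column} = ?`);
      params.push(value);
    }
  }
  // First clause gets WHERE, later ones AND — no clause at all when nothing
  // was supplied, so the unfiltered SELECT stays valid.
  const sql =
    'SELECT * FROM table' +
    (clauses.length > 0 ? ' WHERE ' + clauses.join(' AND ') : '');
  return { sql, params };
}

const { sql, params } = buildFilterQuery([
  ['category', category],
  ['subject', subject],
  ['material', material],
  ['medium', medium],
]);

db.query(sql, params, (error, result) => {
  // The original callback ignored `error`, so a failed query just printed
  // `undefined` with no diagnostic.
  if (error) {
    console.error(error);
    return;
  }
  console.log(result);
});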