Merge pull request #15 from ScottTZhang/injection
Avoid SQL injection
ScottTZhang committed Dec 1, 2014
2 parents 0bc5bca + 73568fd commit 6317c67
Showing 1 changed file with 28 additions and 48 deletions.
76 changes: 28 additions & 48 deletions main.js
Expand Up @@ -69,7 +69,7 @@ app.get('/', function(req, res) {// / is website page, and has nothing to do wit

app.get('/section/:id', function(req, res) {
var id = req.params.id;
var query = connection.query('SELECT Section.id, Section.name AS secname, Section.description AS secdesc, Survey.title AS stitle, Survey.description AS sdesc, Survey.id AS sid, Survey.holder from Section,Survey WHERE Survey.sectionId=Section.id AND Section.status=1 AND Survey.status=1 AND sectionId='+id, function(err, rows, fields) {
var query = connection.query('SELECT Section.id, Section.name AS secname, Section.description AS secdesc, Survey.title AS stitle, Survey.description AS sdesc, Survey.id AS sid, Survey.holder from Section,Survey WHERE Survey.sectionId=Section.id AND Section.status=1 AND Survey.status=1 AND sectionId=?', [id], function(err, rows, fields) {
if (!err) {
res.render('section.html', {
data: rows,
Expand All @@ -85,10 +85,8 @@ app.get('/section/:id', function(req, res) {
*/
app.all('/survey/:id', function(req, res) {
var id = req.params.id;
var sql ='SELECT Survey.id as sid, Survey.title AS stitle, Survey.description AS sdesc, Question.id AS qid, Item.id AS iid,question, item from Survey, Question, Item where Survey.id=' + id +' AND Survey.status=1 AND Question.status=1 AND Item.status=1 AND Question.surveyId=Survey.id AND Item.questionId=Question.id ORDER BY qid,iid;';

if (req.method == 'GET') {
var query = connection.query(sql, function(err, rows, fields) {
var query = connection.query('SELECT Survey.id as sid, Survey.title AS stitle, Survey.description AS sdesc, Question.id AS qid, Item.id AS iid,question, item from Survey, Question, Item where Survey.id=? AND Survey.status=1 AND Question.status=1 AND Item.status=1 AND Question.surveyId=Survey.id AND Item.questionId=Question.id ORDER BY qid,iid;', [id], function(err, rows, fields) {
if (!err) {
if(rows.length == 0) {
res.status(404).send('Survey ' + id + ' is not found');
Expand All @@ -106,13 +104,13 @@ app.all('/survey/:id', function(req, res) {
var body = req.body;
var itemIdtoUpdate =[];
for (var key in body) {
itemIdtoUpdate.push(body[key]);
itemIdtoUpdate.push(connection.escape(body[key]));
}

var cnt = 0;
async.series({
countQuestion: function(callback) {
connection.query('SELECT COUNT(*) as cntQuestion from Question WHERE Question.status=1 AND surveyId='+id, function(err, rows, field) {
connection.query('SELECT COUNT(*) as cntQuestion from Question WHERE Question.status=1 AND surveyId=?', [id], function(err, rows, field) {
if (!err) {
if (rows.length == 0) {
callback({code: 404, msg: 'Survey not found'});
Expand Down Expand Up @@ -162,9 +160,7 @@ app.all('/survey/:id', function(req, res) {

app.get('/result/:id', function(req, res) {
var id = req.params.id;
var sql ='SELECT Survey.id as sid, Survey.title AS stitle, Survey.description AS sdesc, Survey.sectionId AS categoryId, Question.id AS qid, Item.id AS iid,question, item, Item.count AS icnt from Survey, Question, Item where Survey.id=' + id +' AND Survey.status=1 AND Question.status=1 AND Item.status=1 AND Question.surveyId=Survey.id AND Item.questionId=Question.id ORDER BY qid,iid;';

var query = connection.query(sql, function(err, rows, fields) {
var query = connection.query('SELECT Survey.id as sid, Survey.title AS stitle, Survey.description AS sdesc, Survey.sectionId AS categoryId, Question.id AS qid, Item.id AS iid,question, item, Item.count AS icnt from Survey, Question, Item where Survey.id=? AND Survey.status=1 AND Question.status=1 AND Item.status=1 AND Question.surveyId=Survey.id AND Item.questionId=Question.id ORDER BY qid,iid;', [id], function(err, rows, fields) {
if (!err) {
if(rows.length == 0) {
res.status(404).send('Survey ' + id + ' is not found');
Expand Down Expand Up @@ -284,13 +280,7 @@ app.all('/surveys/add', function(req, res) {
}
async.series({
createSurvey: function(callback) {
var sql = 'INSERT INTO Survey(title, description, holder, sectionId) VALUES(\''
+ survey.stitle + '\',\''
+ survey.sdesc + '\',\''
+ survey.holder + '\','
+ survey.category
+ ');';
var query = connection.query(sql, function(err, rows, fields) {
var query = connection.query('INSERT INTO Survey(title, description, holder, sectionId) VALUES(?,?,?,?);', [survey.stitle, survey.sdesc, survey.holder, survey.category], function(err, rows, fields) {
if (!err) {
surveyId = rows.insertId;
}
Expand All @@ -300,13 +290,9 @@ app.all('/surveys/add', function(req, res) {

createQuestion: function(callback) {
async.eachSeries(survey.questions, function(questionHash, questionArrCallback){
var questionSql = 'INSERT INTO Question(question, surveyId) VALUES(\''
+ questionHash.question + '\','
+ surveyId
+ ');';
async.series({
createQuestion: function(questionCallback) {
var addQuestionQuery = connection.query(questionSql, function(questionErr, questionRows, questionFields) {
var addQuestionQuery = connection.query('INSERT INTO Question(question, surveyId) VALUES(?,?);', [questionHash.question, surveyId], function(questionErr, questionRows, questionFields) {
if (!questionErr) {
questionId = questionRows.insertId;
}
Expand All @@ -316,11 +302,7 @@ app.all('/surveys/add', function(req, res) {

createItem: function(itemArrCallback) {
async.eachSeries(questionHash.items, function(item, itemCallback){
var itemSql = 'INSERT INTO Item(item, questionId) VALUES(\''
+ item.item +'\','
+ questionId
+ ');';
var addItemQuery = connection.query(itemSql, function(itemErr, itemRows, itemFields) {
var addItemQuery = connection.query('INSERT INTO Item(item, questionId) VALUES(?,?);', [item.item, questionId], function(itemErr, itemRows, itemFields) {
if (!itemErr) {
}
itemCallback(itemErr);
Expand Down Expand Up @@ -354,7 +336,7 @@ app.all('/surveys/add', function(req, res) {
app.get('/admin/category/delete/:id', function(req, res) {
var id = req.params.id;
var msg = 'delete suceessfully.';
var query = connection.query('UPDATE Section SET status=0 WHERE id=' + id, function(err, rows, fields) {
var query = connection.query('UPDATE Section SET status=0 WHERE id=?', [id], function(err, rows, fields) {
if (!err) {
res.redirect('/admin/categories?msge='+msg);
} else {
Expand Down Expand Up @@ -437,8 +419,7 @@ app.all('/surveys/edit/:id', function(req, res) {
});
},
get: function(callback) {
var sql = 'SELECT Section.id AS categoryId, Survey.id AS sid, Survey.title AS stitle, Survey.description as sdesc, Question.id AS qid, question, Item.id AS iid, item from Section,Survey,Question,Item where Survey.id=' + id +' AND Survey.status=1 AND Question.status=1 And Item.status=1 AND Section.id=Survey.sectionId AND Question.surveyId=Survey.id AND Item.questionId=Question.id ORDER BY qid,iid;';
var query = connection.query(sql, function(err, rows, fields) {
var query = connection.query('SELECT Section.id AS categoryId, Survey.id AS sid, Survey.title AS stitle, Survey.description as sdesc, Question.id AS qid, question, Item.id AS iid, item from Section,Survey,Question,Item where Survey.id=? AND Survey.status=1 AND Question.status=1 And Item.status=1 AND Section.id=Survey.sectionId AND Question.surveyId=Survey.id AND Item.questionId=Question.id ORDER BY qid,iid;', [id], function(err, rows, fields) {
if (!err) {
if(rows.length == 0) {
callback({code: 404, msg: 'Survey ' + id + ' is not found'});
Expand Down Expand Up @@ -533,15 +514,15 @@ app.all('/surveys/edit/:id', function(req, res) {
createSurvey: function(callback) {
var sql;
if (survey.sid) {
sql = 'UPDATE Survey SET title=\''+survey.stitle+'\', description=\''+survey.sdesc+'\', sectionId='+ survey.category +' WHERE id='+id+';';
sql = 'UPDATE Survey SET title='+ connection.escape(survey.stitle) +', description='+ connection.escape(survey.sdesc) + ', sectionId=' + connection.escape(survey.category) + ' WHERE id=' + connection.escape(id) + ';';
surveyId = id;
} else {
surveyId = null;
sql = 'INSERT INTO Survey(title, description, holder, sectionId) VALUES(\''
+ survey.stitle + '\',\''
+ survey.sdesc + '\',\''
+ survey.holder + '\','
+ survey.category
sql = 'INSERT INTO Survey(title, description, holder, sectionId) VALUES('
+ connection.escape(survey.stitle) + ','
+ connection.escape(survey.sdesc) + ','
+ connection.escape(survey.holder) + ','
+ connection.escape(survey.category)
+ ');';
}
var query = connection.query(sql, function(err, rows, fields) {
Expand All @@ -559,15 +540,15 @@ app.all('/surveys/edit/:id', function(req, res) {
var questionId;
if (questionHash.qid == null || questionHash.qid == undefined) {
questionId = null;
questionSql = 'INSERT INTO Question(question, surveyId) VALUES(\''
+ questionHash.question + '\','
questionSql = 'INSERT INTO Question(question, surveyId) VALUES('
+ connection.escape(questionHash.question) + ','
+ surveyId
+ ');';
} else {
if (questionHash.qDelete == '1') {
questionSql = 'UPDATE Question SET status=0 WHERE id='+questionHash.qid+';';
questionSql = 'UPDATE Question SET status=0 WHERE id=' + connection.escape(questionHash.qid) + ';';
} else {
questionSql = 'UPDATE Question SET question=\''+questionHash.question+'\' WHERE id='+questionHash.qid+';';
questionSql = 'UPDATE Question SET question=' + connection.escape(questionHash.question) + ' WHERE id=' + connection.escape(questionHash.qid) + ';';
}
questionId = questionHash.qid;
}
Expand All @@ -587,15 +568,15 @@ app.all('/surveys/edit/:id', function(req, res) {
var itemSql;

if(item.iid == undefined || item.iid == null) {
itemSql = 'INSERT INTO Item(item, questionId) VALUES(\''
+ item.item +'\','
+ questionId
itemSql = 'INSERT INTO Item(item, questionId) VALUES('
+ connection.escape(item.item) + ','
+ connection.escape(questionId)
+ ');';
} else {
if (item.itemDelete == '1') {
itemSql = 'UPDATE Item SET status=0 WHERE id='+item.iid+';';
itemSql = 'UPDATE Item SET status=0 WHERE id=' + connection.escape(item.iid) + ';';
} else {
itemSql = 'UPDATE Item SET item=\''+item.item+'\' WHERE id='+item.iid+';';
itemSql = 'UPDATE Item SET item=' + connection.escape(item.item) + ' WHERE id=' + connection.escape(item.iid) + ';';
}
}
var addItemQuery = connection.query(itemSql, function(itemErr, itemRows, itemFields) {
Expand Down Expand Up @@ -632,7 +613,7 @@ app.all('/surveys/edit/:id', function(req, res) {
app.all('/admin/categories/edit/:id', function(req, res) { //:id means the parameter in this part of url is called 'id'
var id = req.params.id; //get the 'id' part from the url, not from qurey string; from query string use req.query.'...'
if (req.method == 'GET') {//req default method is GET
connection.query('SELECT * FROM Section WHERE id='+id, function(err, rows, fields){
connection.query('SELECT * FROM Section WHERE id=?', [id], function(err, rows, fields){
if (!err) {
if (rows.length > 0) {
res.render('edit-section-form.html', {
Expand All @@ -657,7 +638,7 @@ app.all('/admin/categories/edit/:id', function(req, res) { //:id means the param
}
else {
var msg = 'edit successfully';
var query = connection.query('UPDATE Section SET ? where id='+id, body, function(err, rows, fields){ // this will automatic match table column names with names in body, and change values
var query = connection.query('UPDATE Section SET ? where id=?', [body, id], function(err, rows, fields){ // this will automatic match table column names with names in body, and change values
if (!err) {
res.redirect('/admin/categories?msge='+msg);//make msg a part of query string so that req.query.msge will find msg
} else {
Expand Down Expand Up @@ -686,8 +667,7 @@ app.all('/admin/categories/add', function(req, res){
}
else {
var msg = 'add successfully';
var values = '\'' + body.name + '\',\'' + body.description + '\','+ 1;
var query = connection.query('INSERT INTO Section(name, description, status) VALUES('+values+')', function(err, rows, fields) {
var query = connection.query('INSERT INTO Section(name, description, status) VALUES(?, ?, ?)', [body.name, body.description, 1], function(err, rows, fields) {
if (!err) {
res.redirect('/admin/categories?msge='+msg);
} else {
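Review bot: The edit path still string-builds one query around an unescaped value: at `+ surveyId` in the Question INSERT (the `VALUES(` branch taken when `questionHash.qid == null`) `surveyId` is concatenated raw, and on the update branch it is assigned from `id`, the same route parameter this commit escapes a few lines earlier (`WHERE id=' + connection.escape(id)`). Either escape it like the sibling Item INSERT does with `connection.escape(questionId)`, i.e. `+ connection.escape(surveyId)`, or bind it outright: `connection.query('INSERT INTO Question(question, surveyId) VALUES(?,?);', [questionHash.question, surveyId], ...)`. Separately, `UPDATE Section SET ?` with the whole `body` lets a client set any Section column the form does not expose (e.g. `status`); whitelist the fields first, `{ name: body.name, description: body.description }`, before binding. The values pushed as `connection.escape(body[key])` into `itemIdtoUpdate` are consumed below the hunk, outside this view; if that consumer binds them with `?` they will be quoted twice, so it must concatenate them. The `/surveys/edit/:id` and `/survey/:id` handlers begin and end outside the hunks shown.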

