Fixed error and prevent sql injection
jkr241 committed Feb 24, 2015
1 parent c43f7da commit 68b9dc3
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions routes/user.js
Expand Up @@ -18,7 +18,6 @@ router.get('/all', function(req, res, next) {

/* POST create user */
router.post('/new', function(req, res, next) {
console.log(req.body);

var username = req.body.username;
var password = req.body.password;
Expand All @@ -29,6 +28,10 @@ router.post('/new', function(req, res, next) {
return;
}

//SQL INJECTION SHALL NOT PASS!!!
var username = conn.escape(username);
var password = conn.escape(password);

var conn = mysql.createConnection({
host : "ec2-52-1-159-248.compute-1.amazonaws.com",
user : "root",
Expand All @@ -48,7 +51,7 @@ router.post('/new', function(req, res, next) {
conn.query("INSERT INTO user (username, password) VALUES ('"+username+"', '"+password+"')", function (err, result) {
if(err) {
//Duplicate code
if(err.code === "ER_DUP_UNIQUE") {
if(err.code === "ER_DUP_ENTRY") {
res.json({error: "Username already exists."});
}else{
console.error("********Failed to insert user**********");
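Review bot: In the second hunk, `conn.escape(username)` and `conn.escape(password)` run before `var conn = mysql.createConnection(...)` has assigned anything; as far as the hunk shows, `var` hoisting leaves `conn` undefined at that point, so the handler would throw a TypeError on every request that passes validation. Assuming `mysql` is the mysqljs package, `escape()` also returns the value already wrapped in quotes, so the unchanged query in the third hunk, which adds its own `'...'` around it, places the escaped text outside a string literal and the injection is not actually closed. Dropping the escape lines and binding the values instead covers both: `conn.query("INSERT INTO user (username, password) VALUES (?, ?)", [username, password], function (err, result) {`. Separately, the password appears to be inserted as received; hashing it with a password KDF before the insert would be worth a follow-up. The router.post handler starts and ends outside the visible hunks.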