
Commit 68b9dc3

author
jkr241
committed
Fixed error and prevent sql injection
1 parent c43f7da commit 68b9dc3


1 file changed

+5
-2
lines changed


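--- a/routes/user.js
+++ b/routes/user.js
@@ -18,7 +18,6 @@ router.get('/all', function(req, res, next) {
 
 /* POST create user */
 router.post('/new', function(req, res, next) {
-console.log(req.body);
 
 var username = req.body.username;
 var password = req.body.password;
@@ -29,6 +28,10 @@ router.post('/new', function(req, res, next) {
 return;
 }
 
+//SQL INJECTION SHALL NOT PASS!!!
+var username = conn.escape(username);
+var password = conn.escape(password);
+
 var conn = mysql.createConnection({
 host : "ec2-52-1-159-248.compute-1.amazonaws.com",
 user : "root",
@@ -48,7 +51,7 @@ router.post('/new', function(req, res, next) {
 conn.query("INSERT INTO user (username, password) VALUES ('"+username+"', '"+password+"')", function (err, result) {
 if(err) {
 //Duplicate code
-if(err.code === "ER_DUP_UNIQUE") {
+if(err.code === "ER_DUP_ENTRY") {
 res.json({error: "Username already exists."});
 }else{
 console.error("********Failed to insert user**********");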
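Review bot: The added `conn.escape(username)` and `conn.escape(password)` calls at new lines 32-33 run before `var conn = mysql.createConnection(...)` at new line 35, so the hoisted `conn` is still undefined there and the handler should throw a TypeError on every request that reaches this point. Even if the two calls are moved below the connection setup, `escape()` in the mysql driver returns string values already wrapped in quotes, and the unchanged query at new line 51 still adds its own `'…'` around them, which leaves the value outside a string literal and the statement malformed. I would drop the two escape lines and bind the values instead: `conn.query("INSERT INTO user (username, password) VALUES (?, ?)", [username, password], function (err, result) {`. Separately, the insert appears to store the password as submitted and the connection uses the `root` account, so a password hash and a least-privilege database user are worth a follow-up. The handler's body starts and ends outside the hunks shown.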
