This repository was archived by the owner on Aug 17, 2024. It is now read-only.
MANCHESTER-CLASS5-MIGUEL-CABRAL-SQL-WEEK3#145
Open
Miguel-Cabral wants to merge 1 commit into CodeYourFuture:main from
Conversation
savagematt
reviewed
Feb 25, 2023
    supplier_name FROM
    products JOIN product_availability ON products.id = product_availability.prod_id
    JOIN suppliers ON supp_id = suppliers.id `)
    .then((result) => res.json(result.rows))
Good that this is separated out into multiple lines so it's easier to read
    const customerId = req.params.id;

    pool
      .query("SELECT * FROM customers WHERE id=$1", [customerId])
Using query parameters like this is the right way to do it!
If you did something like this:
"SELECT * FROM customers WHERE id='" + customerId + "'"
Then a user could send a request where customer id is for example ';DROP TABLES; SELECT', and try to execute SQL statements. This is called a SQL injection attack https://www.w3schools.com/sql/sql_injection.asp
When you use query parameters, the connection pool is clever enough to protect you from this.
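The following is an added example, not code from this pull request or from the reviewer: it puts the concatenated query the review warns about next to the parameterized one and runs both against an in-memory SQLite table (standing in for the Postgres pool; SQLite uses `?` placeholders where node-postgres uses `$1`). The table, rows and the `' OR '1'='1` payload are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (hypothetical customers).
CUSTOMERS = [
    (1, "Ada", "ada@example.com"),
    (2, "Grace", "grace@example.com"),
    (3, "Linus", "linus@example.com"),
]


def make_db():
    """Create an in-memory SQLite database with a customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def vulnerable_lookup(conn, customer_id):
    """Mirrors the string concatenation from the review comment.

    The user-supplied value is pasted into the SQL text, so a quote in the
    value ends the literal early and whatever follows is parsed as SQL.
    """
    sql = "SELECT * FROM customers WHERE id='" + customer_id + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, customer_id):
    """Parameterized form: the value is bound separately from the SQL text.

    Whatever the caller sends is compared as a single literal value and is
    never parsed as part of the statement.
    """
    return conn.execute(
        "SELECT * FROM customers WHERE id=?", (customer_id,)
    ).fetchall()


def demo():
    """Run both lookups with a normal id and with a tautology payload."""
    conn = make_db()
    normal = "2"
    payload = "' OR '1'='1"  # closes the quoted literal, then always-true clause
    return {
        "vulnerable_normal": vulnerable_lookup(conn, normal),
        "vulnerable_payload": vulnerable_lookup(conn, payload),
        "safe_normal": safe_lookup(conn, normal),
        "safe_payload": safe_lookup(conn, payload),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload, the concatenated query becomes `SELECT * FROM customers WHERE id='' OR '1'='1'` and returns every row, while the parameterized query returns nothing because the whole payload is compared against `id` as one string. Note that the `sqlite3` module refuses stacked statements in `execute()`, so the `;DROP ...` style payload from the comment would raise an error here rather than run; that is a property of this driver, not a defence, and the tautology above still leaks every row. Postgres accepts multiple statements in a plain query string, so in the original Express code the stacked-statement payload would be a live risk without parameters.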
Volunteers: Are you marking this coursework? You can find a guide on how to mark this coursework in HOW_TO_MARK.md in the root of this repository.
Your Details
Homework Details
Notes
What did you find easy?
What did you find hard?
What do you still not understand?
Any other notes?