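// PART 1 - VULNERABLE - STRING-BUILT QUERY (kept on purpose for the demo)
// Look up products whose title matches the `:title` route parameter.
// WARNING: req.params.title is attacker-controlled and is spliced straight
// into the SQL text, so this handler is SQL-injectable by design; it exists
// only to show the problem and must never be deployed. The parameterised
// variant further down is the fix.
app.get('/products/:title', (req, res) => {
  console.log("\nPARAMETER SENT: " + req.params.title + "\n");
  // Untrusted input concatenated into SQL -- this is the injection point.
  const query = "SELECT * FROM products WHERE title=" + req.params.title;
  db.run(query, (err, results) => {
    // `err` used to be ignored, so a failed query answered 200 with an
    // undefined body. Log the full error server-side only and return a
    // generic message, so driver error text (table/column names, the SQL
    // itself) is not leaked to the client.
    if (err) {
      console.error(err);
      return res.status(500).send("query failed");
    }
    console.log(results);
    res.send(results);
  });
});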
  9.  
  10.  
// PART 2 - PREVENTION - PARAMETERISED QUERY
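// Same product lookup, but the title travels to the database as a bound
// parameter instead of being pasted into the SQL text, so the driver never
// interprets it as SQL. This is the fix for the injectable handler above.
// NOTE(review): this registers the same path as the handler above; in
// Express the first matching handler answers, so only one of the two should
// be mounted at a time -- confirm which one is intended to run.
app.get('/products/:title', (req, res) => {
  console.log("\nPARAMETER SENT: " + req.params.title + "\n");
  // NOTE(review): `$1` is PostgreSQL-style placeholder syntax; other drivers
  // (e.g. node-sqlite3) expect `?` -- confirm against the `db` in use.
  const sql = "select * from products where title=$1";
  db.run(sql, [req.params.title], (err, pageResults) => {
    // Do not ignore `err`: on failure `pageResults` is undefined and would
    // otherwise be sent with a 200. Log it server-side and return a generic
    // message so DB error details are not exposed to the client.
    if (err) {
      console.error(err);
      return res.status(500).send("query failed");
    }
    console.log(pageResults);
    res.send(pageResults);
  });
});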