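// PART 1 - the route as originally pasted built its SQL by string
// concatenation:
//
//   "SELECT * FROM products WHERE title=" + req.params.title
//
// `req.params.title` is a URL path segment, i.e. attacker-controlled, so a
// request like /products/1%20OR%201=1 rewrites the WHERE clause and returns
// every row, and a UNION payload can read other tables. Note also that the
// concatenated form had no quotes around the value, so any non-numeric
// title was a SQL syntax error - the route only "worked" for payloads.
//
// This version keeps the same route, response and logging but binds the
// value as a query parameter (same `$1` style as PART 2 below), so it can
// only ever be compared as data and is never parsed as SQL. The driver
// error is checked instead of being ignored.
//
// NOTE(review): this registers the same path as the PART 2 handler. If
// `app` is Express (as app.get/res.send suggest), the first registered
// handler wins and the second is never reached - keep only one of them.
// NOTE(review): `db.run` is kept as the page has it; with node-sqlite3,
// run() does not yield rows (all()/get() do) - confirm which driver `db` is.
app.get('/products/:title', (req, res) => {
  // JSON.stringify neutralises %0A / %0D in the path segment so a caller
  // cannot forge extra lines in the server log.
  console.log(`\nPARAMETER SENT: ${JSON.stringify(req.params.title)}\n`);
  const query = 'SELECT * FROM products WHERE title=$1';
  db.run(query, [req.params.title], (err, results) => {
    if (err) {
      // Log server-side only; the raw driver error would leak schema and
      // query details to the client.
      console.error(err);
      res.status(500).send('database error');
      return;
    }
    console.log(results);
    res.send(results);
  });
});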
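// PART 2 - PREVENTION - PARAMETERISED QUERY
//
// `req.params.title` is passed to the driver as a bound parameter rather
// than spliced into the SQL text, so the database treats it strictly as a
// value: an input such as `1 OR 1=1` is compared against the title column
// and cannot alter the statement. Binding is the fix for SQL injection;
// escaping or allow-listing the string is not a substitute.
//
// Improvements over the pasted version: the callback error is checked
// (previously `page_results` was sent even when the query failed, leaving
// the client with `undefined` and the error unlogged), the driver error is
// not echoed to the client, and the logged parameter is quoted so encoded
// newlines in the path cannot forge log lines.
//
// NOTE(review): `$1` is the placeholder style the page uses; confirm it is
// what the `db` driver in use expects (e.g. node-sqlite3 also accepts `?`).
app.get('/products/:title', (req, res) => {
  console.log(`\nPARAMETER SENT: ${JSON.stringify(req.params.title)}\n`);
  const sql = 'select * from products where title=$1';
  db.run(sql, [req.params.title], (err, rows) => {
    if (err) {
      // Server-side log only - driver messages reveal table/column names.
      console.error(err);
      res.status(500).send('database error');
      return;
    }
    console.log(rows);
    res.send(rows);
  });
});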