// Third-party modules (MySQL driver, Express) and Node's built-in HTTP server.
var mysql = require('mysql');
var express = require('express');
var http = require('http');

// Express application that the route handler is registered on.
var app = express();

// Line terminator used when assembling the HTML output.
var nl = '\n';

// Opening boilerplate shared by every HTML page this script sends.
var head = [
  '<!DOCTYPE html>',
  '<html>',
  '<head>',
  '<title>Books</title>',
  '</head>',
  '<body>'
].join(nl) + nl;
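// Connection settings are taken from the environment when set, so the
// database password does not have to live in the source file. The literals
// are the values the script originally hard-coded and remain the fallback.
// The account used here only needs SELECT on the table the search route reads.
var conn = mysql.createConnection({
  host: process.env.DB_HOST || 'mysql-server-1.macs.hw.ac.uk',
  user: process.env.DB_USER || 'hamish',
  password: process.env.DB_PASSWORD || '?????????',
  database: process.env.DB_NAME || 'hamish'
});

// Open the connection at start-up. A failure is only logged: the HTTP server
// still starts, and each later query reports its own error to the handler.
conn.connect(function (error) {
  if (error) {
    console.log('error: ' + error.stack);
  }
});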
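/**
 * Escape a value so it can be placed inside HTML text content.
 *
 * @param {*} value - Any value; it is converted with String() first.
 * @returns {string} The value with &, <, >, " and ' replaced by entities.
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/**
 * GET /search?search=<term>
 *
 * Renders the rows of the Games table whose Name or Seller equals <term> as an
 * HTML table; the term '*' lists every row.
 *
 * The term is passed to the driver as a bound parameter instead of being
 * concatenated into the SQL text. The earlier ';' filter is dropped because it
 * did not stop quote characters in the term from changing the WHERE clause,
 * and it made any term containing ';' return the whole table.
 */
app.get('/search', function (req, res) {
  var raw = req.query.search;

  // A missing parameter is undefined and a repeated one is an array; neither
  // has trim(), which previously threw inside the handler.
  if (typeof raw !== 'string') {
    res.status(400).send('missing or invalid search parameter');
    return;
  }

  var term = raw.trim();
  var sql = 'select * from Games';
  var params = [];
  if (term !== '*') {
    sql += ' where Name = ? or Seller = ?';
    params.push(term, term);
  }

  conn.query(sql, params, function (err, results, fields) {
    if (err) {
      // Keep driver and schema details in the server log, not in the response.
      console.log('error querying: ' + err);
      res.status(500).send('error querying');
      return;
    }

    // Column names and cell values come from the database and are presumably
    // user-supplied (verify), so every one is escaped before it reaches HTML.
    var html = head + '<table border=\'1\'>' + nl + '<tr>';
    for (var i = 0; i < fields.length; i++) {
      html += '<th>' + escapeHtml(fields[i].name) + '</th>';
    }
    html += '</tr>' + nl;

    for (var r = 0; r < results.length; r++) {
      var row = results[r];
      var cols = Object.keys(row);
      html += '<tr>' + nl;
      for (var c = 0; c < cols.length; c++) {
        html += '<td>' + escapeHtml(row[cols[c]]) + '</td>' + nl;
      }
      html += '</tr>' + nl;
    }

    html += '</table>' + nl + '</body>' + nl + '</html>' + nl;
    res.send(html);
  });
});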
// Wrap the Express app in a plain Node HTTP server.
var svr = http.createServer(app);

// Report server-level failures (for example the port already being in use).
function onServerError(err) {
  console.log('Server: ' + err);
}

// Announce that the listener is up.
function onListening() {
  console.log('Node: linux06 on port 8080');
}

svr.on('error', onServerError);

// No host argument is given, so Node listens on the unspecified address,
// i.e. on every network interface of the machine.
svr.listen(8080, onListening);