Comments on: Simple and Easy way to Build a RESTful API using Node.js

By: Litzer

Litzer — Fri, 15 Jan 2021 11:16:55 +0000

To avoid sql injections, we can parameterize as in example:

static getProductByIdSQL(prd_id) {
// let sql = SELECT * FROM PRODUCTS WHERE PRD_ID = ${prd_id};
return { sql: SELECT * FROM PRODUCTS WHERE PRD_ID = ??, values: prd_id };
}

Check:
https://github.com/mysqljs/mysql#escaping-query-values
https://github.com/mysqljs/mysql#performing-queries

Hope it helps.

Thanks Pavan for this RESTful example.

By: Pavan

Pavan — Wed, 27 Nov 2019 05:53:49 +0000

In reply to Justin. Hi Justin, The code aberu is using like "import * from http" I did not see in the article or code from article any way like that. More over the code in the article is tested and working. Please let me know if you facing any issues with the code and I will be happy to re-check and update the code/article.

By: Justin

Justin — Tue, 26 Nov 2019 18:53:27 +0000

In reply to Pavan. shouldn't you update the article to include the working code that abreu suggested?

By: binario

binario — Tue, 08 Oct 2019 21:59:06 +0000

sql injections?

By: Pavan

Pavan — Thu, 29 Aug 2019 04:53:03 +0000

In reply to abreu. Hi Abreu, Glad you found it useful and able to use it.