authorgumi <git@gumi.ca>2018-04-09 15:44:17 -0400
committergumi <git@gumi.ca>2018-04-09 15:44:17 -0400
commitb8d6ccf68b277b1dc7f25eb31e5154b0074c2808 (patch)
tree4c435e7ac8ca287b5d3e5a0190c5c921ec8d7b9a
parenta63b967229f374660ca5db4b3088cd118b0d9073 (diff)
downloadapi-b8d6ccf68b277b1dc7f25eb31e5154b0074c2808.tar.gz
api-b8d6ccf68b277b1dc7f25eb31e5154b0074c2808.tar.bz2
api-b8d6ccf68b277b1dc7f25eb31e5154b0074c2808.tar.xz
api-b8d6ccf68b277b1dc7f25eb31e5154b0074c2808.zip
let node_mysql handle the escaping
-rw-r--r--server.js19
1 files changed, 10 insertions, 9 deletions
diff --git a/server.js b/server.js
index 80dfabc..55a6b1b 100644
--- a/server.js
+++ b/server.js
@@ -125,12 +125,6 @@ api.post("/api/account", (req, res) => {
return;
}
- const account = {
- username: req.body.username,
- password: req.body.password,
- email: req.body.email || "a@a.com"
- };
-
const db = mysql.createConnection({
host : process.env.npm_package_config_sql_host,
user : process.env.npm_package_config_sql_user,
@@ -148,14 +142,21 @@ api.post("/api/account", (req, res) => {
return;
}
- db.query({sql: `INSERT INTO ${process.env.npm_package_config_sql_table} (USERNAME, PASSWORD, EMAIL, GENDER) VALUES ("${account.username}", "${account.password}", "${account.email}", "N")`}, (err, rows, fields) => {
+ const query_params = {
+ "USERNAME": req.body.username,
+ "PASSWORD": req.body.password,
+ "EMAIL": req.body.email || "a@a.com",
+ "GENDER": "N",
+ };
+
+ db.query(`INSERT INTO ${process.env.npm_package_config_sql_table} SET ?`, query_params, (err, rows, fields) => {
if (err) {
if (err.code === "ER_DUP_ENTRY") {
res.status(409).json({
status: "error",
error: "already exists"
});
- console.info("a request to create an already-existent account was received", req.ip, account.username);
+ console.info("a request to create an already-existent account was received", req.ip, query_params.USERNAME);
rate_limiting.add(req.ip);
setTimeout(() => rate_limiting.delete(req.ip), 2000);
} else {
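Review bot: The rewritten `db.query` call still interpolates the table name into the SQL string; node-mysql's `??` identifier placeholder covers that as well, `db.query("INSERT INTO ?? SET ?", [process.env.npm_package_config_sql_table, query_params], (err, rows, fields) => {`, so the driver builds the whole statement and the config value is escaped as an identifier rather than concatenated. Note that `SET ?` escapes string values but turns objects and arrays into `key = val` lists instead of literals, so unless the guard above this hunk already rejects non-string fields (the handler starts at line 125, outside the hunk), `query_params` should only be populated from values checked with `typeof ... === "string"`, answering 400 otherwise. `req.body.password` is also written to the PASSWORD column exactly as received; if nothing upstream hashes it, it should go through a slow password hash (bcrypt/scrypt) before it reaches `query_params`. As a point of style, the quoted keys in `query_params` can be plain identifiers, `USERNAME: req.body.username,`.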
@@ -169,7 +170,7 @@ api.post("/api/account", (req, res) => {
res.status(201).json({
status: "success"
});
- console.info(`an account was created: ${account.username}`);
+ console.info(`an account was created: ${query_params.USERNAME}`);
rate_limiting.add(req.ip);
setTimeout(() => rate_limiting.delete(req.ip), 300000);
}