The Node Craftsman Book by Manuel Kiessling
Author:Manuel Kiessling
Language: eng
Format: epub, azw3
Tags: COM060160 - COMPUTERS / Web / Web Programming, COM060080 - COMPUTERS / Web / General, COM005000 - COMPUTERS / Enterprise Applications / General
Publisher: Packt Publishing
Published: 2017-04-27T07:23:49+00:00
Making SQL queries secure against attacks
Let's now go full circle and create a simple web application that lets users insert data into our table and also reads and displays the data that was entered.
We need to start a web server with two routes (one for displaying data, one for taking user input), and we need to pass user input to the database and database results to the webpage. Here is the application in one go:
'use strict';

var mysql = require('mysql'),
    http = require('http'),
    url = require('url'),
    querystring = require('querystring');

// Start a web server on port 8888. Requests go to function handleRequest
http.createServer(handleRequest).listen(8888);

// Function that handles http requests
function handleRequest(request, response) {

  // Page HTML as one big string, with placeholder "DBCONTENT" for data
  // from the database
  var pageContent = '<html>' +
    '<head>' +
    '<meta http-equiv="Content-Type" ' +
    'content="text/html; charset=UTF-8" />' +
    '</head>' +
    '<body>' +
    '<form action="/add" method="post">' +
    '<input type="text" name="content">' +
    '<input type="submit" value="Add content" />' +
    '</form>' +
    '<div>' +
    '<strong>Content in database:</strong>' +
    '<pre>' +
    'DBCONTENT' +
    '</pre>' +
    '</div>' +
    '<form action="/" method="get">' +
    '<input type="text" name="q">' +
    '<input type="submit" value="Filter content" />' +
    '</form>' +
    '</body>' +
    '</html>';

  // Parsing the requested URL path in order to distinguish between
  // the / page and the /add route
  var pathname = url.parse(request.url).pathname;

  // User wants to add content to the database (POST request to /add)
  if (pathname == '/add') {
    var requestBody = '';
    var postParameters;
    request.on('data', function (data) {
      requestBody += data;
    });
    request.on('end', function() {
      postParameters = querystring.parse(requestBody);
      // The content to be added is in POST parameter "content"
      addContentToDatabase(postParameters.content, function() {
        // Redirect back to homepage when the database has finished
        // adding the new content to the database
        response.writeHead(302, {'Location': '/'});
        response.end();
      });
    });

  // User wants to read data from the database (GET request to /)
  } else {
    // The text to use for filtering is in GET parameter "q"
    var filter = querystring.parse(url.parse(request.url).query).q;
    getContentsFromDatabase(filter, function(contents) {
      response.writeHead(200, {'Content-Type': 'text/html'});
      // Poor man's templating system: Replace "DBCONTENT" in page HTML
      // with the actual content we received from the database
      response.write(pageContent.replace('DBCONTENT', contents));
      response.end();
    });
  }
}

// Function that is called by the code that handles the / route and
// retrieves contents from the database, applying a LIKE filter if one
// was supplied
function getContentsFromDatabase(filter, callback) {
  var connection = mysql.createConnection({
    host: 'localhost',
    user: 'root',
    password: 'root',
    database: 'node'
  });
  var query;
  var resultsAsString = '';

  if (filter) {
    query = connection.query('SELECT id, content FROM test ' +
      'WHERE content LIKE "' + filter + '%"');
  } else {
    query = connection.query('SELECT id, content FROM test');
  }

  query.on('error', function(err) {
    console.log('A database error occurred:');
    console.log(err);
  });

  // With every result, build the string that is later replaced into
  // the HTML of the homepage
  query.on('result', function(result) {
    resultsAsString += 'id: ' + result.id;
    resultsAsString += ', content: ' + result.content;
    resultsAsString += '\n';
  });

  // When we have worked through all results, we call the callback
  // with our completed string
  query.on('end', function() {
    callback(resultsAsString);
  });
}
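The filter query from getContentsFromDatabase, built the way the excerpt builds it and, beside it, with a "?" placeholder, as an added example that is not the book's code. quoteLiteral() and formatQuery() are assumed stand-ins for the substitution the mysql module performs in connection.query(sql, values), written here only so the contrast runs without a database; the inputs are constructed.

```javascript
// Added example, not code from the book. formatQuery()/quoteLiteral() are
// hypothetical stand-ins for the "?" placeholder substitution the mysql
// module does in connection.query(sql, values), so this runs offline.

// 1. What the excerpt does: the raw GET parameter "q" is spliced into the SQL.
function buildConcatenated(filter) {
  return 'SELECT id, content FROM test WHERE content LIKE "' + filter + '%"';
}

// Quote a value as a single-quoted SQL string literal, escaping every
// character that could end the literal early or alter its meaning.
function quoteLiteral(value) {
  var escaped = String(value)
    .replace(/\\/g, '\\\\')
    .replace(/\0/g, '\\0')
    .replace(/\n/g, '\\n')
    .replace(/\r/g, '\\r')
    .replace(/'/g, "\\'")
    .replace(/"/g, '\\"');
  return "'" + escaped + "'";
}

// Substitute each "?" with a quoted literal, left to right. The value is
// only ever data; it cannot become part of the statement's syntax.
function formatQuery(sql, values) {
  var i = 0;
  return sql.replace(/\?/g, function () { return quoteLiteral(values[i++]); });
}

// Placeholders do not neutralise LIKE wildcards: a "%" or "_" typed by the
// user would still widen the match. Escape them so the filter is a literal
// prefix (MySQL's default LIKE escape character is the backslash).
function escapeLikePattern(pattern) {
  return pattern.replace(/[\\%_]/g, '\\$&');
}

// 2. The hardened form: placeholder plus wildcard escaping.
function buildParameterized(filter) {
  return formatQuery('SELECT id, content FROM test WHERE content LIKE ?',
    [escapeLikePattern(filter) + '%']);
}

// Constructed inputs: a name containing a double quote, and a bare wildcard.
var samples = ['O"Reilly', '%'];
samples.forEach(function (f) {
  console.log('concatenated : ' + buildConcatenated(f));
  console.log('parameterized: ' + buildParameterized(f));
});
```

With the first sample the concatenated form closes its string literal at the user's quote, leaving the rest of the input as SQL text, while the placeholder form keeps it inside the literal; with the second, escaping turns a match-everything filter into a search for a literal "%".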