
    Parametrized SQL queries are now supported in appdrag-cloudbackend

    Announcements
    • Joseph Benguira

      Hey dear community,

      We have updated our appdrag-cloudbackend NPM package to allow parametrized SQL queries.

      If you want to compose the SQL query by yourself with input parameters you must escape the user inputs to avoid SQL injection with cloudbackend.escape() like this:

      cloudbackend.sqlSelect("SELECT * FROM Products WHERE category = '" + cloudbackend.escape( event.POST.category ) + "'")
      .then( function(response) {
      	console.log(response);
      });
      

      But there is now a better way with parametrized queries. You can use ? characters as placeholders for values you would like to have escaped. Multiple placeholders are mapped to values in the same order as passed.

      cloudbackend.sqlSelect('SELECT * FROM Products WHERE category = ? and id > ?', ["Software", 500])
      .then( function(response) {
      	console.log(response);
      });
      

      You can check the full documentation on NPM:
      https://www.npmjs.com/package/appdrag-cloudbackend
