How to pass a question mark express router api to update sql - javascript

I want to update a varchar field (String) using and End-Point Api (Express NodeJS) but I have problem went I pass invalid inputs like question mark.
Express End-Point:
router.get("/updateField/:table/:field/:value/:num/:postid/", function(req, res) {
connection.query(
'UPDATE '+ req.params.table +' SET ' + req.params.field +' = '+JSON.stringify(req.params.value) +' where language ='+ req.params.num +' and post_id ='+req.params.postid
This code work fine:
http://localhost:3001/api/updateField/posts/TITLE/When/1/1
But this NOT WORK:
http://localhost:3001/api/updateField/posts/TITLE/When?/1/1
I send the request from react like this:
fetch(
"http://localhost:3001/api/updateField/" +
table +
"/" +
field +
"/" +
value +
"/" +
lenguage +
"/" +
post_id
);


Use javascript function encodeURIComponent() to escape special characters in URL parameters.
For example try this on your browser console and you'll get an idea:
console.log(
"http://localhost:3001/api/updateField/" +
table +
"/" +
field +
"/" +
encodeURIComponent(value) +
"/" +
lenguage +
"/" +
post_id
);
console.log(encodeURIComponent("When?"));
You will see that "When?" is replaced with "When%3F" in URL.
In Node.Js, you'll receive parameter value as string "When?".
To know more about encodeURIComponent(), refer to this

Related

EJS recieve json containing code as string

Im sending a stringified json that should have property:
recievedObject: {"code":"this is a code snippet"}
(the code property has no specified programming language)
and then parsing it like this:
var items = JSON.parse('<%- JSON.stringify(items) %>')
When I try to parse the stringified json I received I get parsing errors (im guessing its because of the code string often containing characters like " ', line breaks etc.)
Is there a way to bypass or get around this problem without changing the string in any way? (I was able to get this working after encrypting it, but I would prefer not to do this)
example of how the code string might look:
code: "router.get('/', function(req, res, next) {\n" +
' try {\n' +
' const cities = spreadsheet.getData()\n' +
'\n' +
' } catch(err) {\n' +
' console.log(err)\n' +
' }\n' +
'\n' +
" res.render('index', { cities: cities})\n" +
'})'

If condicions inside email body

I'm building an app that will send an email with variables, but i only want to include certain things if a variable is true (checkbox)
So I think i need If statments inside the email.putExtra(Intent.EXTRA_TEXT,""); but I dont seem to figure out how. it would look something like this:
public void Email (){
Date today = Calendar.getInstance().getTime();
SimpleDateFormat formatter = new SimpleDateFormat("dd-MM-YYYY HH.mm");
String Time = formatter.format(today);
Intent email = new Intent(Intent.ACTION_SENDTO);
email.setData(Uri.parse("mailto:"));
email.putExtra(Intent.EXTRA_SUBJECT, "Audit" );
email.putExtra(Intent.EXTRA_TEXT, Time + "\n" + "Audit Results:"
if (MainActivity2.Send_A)=true{
MainActivity2.Ok_A1 + "\n" + MainActivity2.EditText1 + "\n" + MainActivity2.POA1
}
);
I know the code is completly wrong, but is it possible to do something like this?

Build up the string, than set that string to your function call.
var extraText = Time + "\n" + "Audit Results: ";
if (MainActivity2.Send_A === true){
extraText += MainActivity2.Ok_A1 + "\n" + MainActivity2.EditText1 + "\n" + MainActivity2.POA1;
}
email.putExtra(Intent.EXTRA_TEXT, extraText);

make Form Text URLEncoded format

Hollo,
I need to create a form text that sends the variable in URLEncoded format.
I need this for send SMS with API with this parameters (GET):
Username
APIKEY
Number
Text (URLEncoded)
How can I create this?
Thanks a lot for the collaboration :)

Assuming you are only missing the string generation part (and not the whole html + javascript stuff), you may have a function like :
function generateRequest(username, apikey, number, text) {
var baseUrl = "http://your.base.url/sms";
return baseUrl +
"?Username=" + username +
"&APIKEY=" + apikey +
"&Number=" + number +
"&Text=" + encodeURIComponent(text);
}
for more details about the encodeURIComponent, read this => https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
I hope it will help you.

NodeJS + PostgreSQL: INSERT has more target columns than expressions

I'd like to INSERT the current timestamp with CURRENT_TIMESTAMPon each new user registration. The column number equal the number of parameters in VALUES. Yet I get INSERT has more target columns than expressions. Using the node-postgres npm module as a controller.
//Just 3 parameters, timestamp is hardcoded in the query
exports.create = function (username, email, password) {
DB.connect(connection, function (err, client, done) {
var query = client.query(
//4 columns
"INSERT INTO users (username, email, userpass, datecreated) VALUES" +
//4 parameters
"(" + "'" + username + "'" + "," + "'" + email + "'" + "," + "'" + password + "'" + "'CURRENT_TIMESTAMP')");
query.on('error', function (error) {
console.log("query returned an " + error);
});
query.on('row', function (row, result) {
result.addRow(row);
});
});
};

Missing comma after password and no tics around current_Timestamp
"INSERT INTO users (username, email, userpass, datecreated) VALUES" +
//4 parameters
"(" + "'" + username + "'" + "," + "'" + email + "'" + "," + "'" + password + "," + "'CURRENT_TIMESTAMP)"
--- While this may have been the accepted answer addressing the immediate issue, I highly recommend Craig and Lars answers be evaluated. Use of Parameters is a far better long term approach as it is more secure; actually easier to code once you understand how, and the correct modern paradigm.

My previous answer was based on older provided code, it isn't accurate anymore so I removed it.
You're missing a comma , between password and CURRENT_TIMESTAMP.
I'd advise you to use parameterized queries instead of building them yourself like this.

`"(" + "'" + username + "'" + "," + "'" + email + "'" + "," + "'" + password + "'" + "'CURRENT_TIMESTAMP')"`
Nonononono!
That is not how you pass parameters, and may bewhy you're having problems. (xQbert points out you're also missing a comma).
Imagine if I entered the username
');--DROP TABLE users;--
Splat. There goes your application.
Use parameterized queries by binding parameters to placeholders. This is often called "prepared statements" though they're really something different.
e.g.
client.query(
"INSERT INTO users (username, email, userpass, datecreated) VALUES ($1, $2, $3, current_timestamp)",
[username, email, password])
Your problem will go away.
Now read this.
Note that this isn't just a security problem, it's also a bug that will cause errors even from non-malicious users. I enter a nice secure looking password like 94/Ql#$'B'wC. Boom, your app falls over with a database error.

Pass multiple parameters in view when using a string to call a JS function in MVC3

I am calling a function with one parameter "modalXPTO.HtmlFieldPrefix" sucessfuly like this:
modalXPTO.AdditionalJavaScriptCallback = "myFunction('" + modalXPTO.HtmlFieldPrefix + "')";
However, I would like to send more than one parameter, and I would expect this should work:
modalXPTO.AdditionalJavaScriptCallback = "myFunction('" + "{parentContainer:" + modalXPTO.ModalDivId + ", htmlFieldPrefix:" + modalXPTO.HtmlFieldPrefix + "}" + "')";
But it doesn't. Can anyone tell me what I am missing?
Here is the myFuntion declaration:
function myFunction(arg){
alert(arg.htmlFieldPrefix);
alert(arg.parentContainer);
}

I've fixed it.
modalXPTO.AdditionalJavaScriptCallback = "myFunction(" + "{parentContainer:'" + modalXPTO.ModalDivId + "', htmlFieldPrefix:'" + modalXPTO.HtmlFieldPrefix + "'}" + ")";
It is because of the misplaced "'". I wanted to pass an object with two parameters, but because of these characters I was passing a string instead.

Categories