Tuesday 16 January 2018

Rest API : How to handle multiple queries on the same table

Alright:

I'm building a Rest API with MSSQL (using mssql package).

I started building it and everything was going great. I could write a URL: 'host/users?nId=2&nAge=12&orderby=nId_Desc' and it would be building a query WHERE nID = 2 AND nAge = 12 ORDER BY nId DESC.

It was great.

Then I remembered: SQL injection. Damn. All my code could be abused with SQL injection.

Now I have to start over and I have a hard time building a REST API where you can build up your condition in the URL while using the anti-injection system of mssql package.

How do you guys handle it? Do you build a route for every query?

Let's say I want to query users:

- By ID
- By Name
- By ID and By Name
- Order by
- Top 100

Do I have to build a route for every case? I also have a hard time finding documentation for mssql with node.

Thank you!

Submitted January 16, 2018 at 10:22PM by Kardiamond
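
One way to keep URL-built conditions on a single route while binding every value as a parameter, shown as an added example that is not part of the original post: column names and sort direction are checked against an allow-list, and values only ever travel as named parameters. The `users` table, `nId` and `nAge` come from the post's URL; the `sName` column and the `top` parameter are assumptions.

```javascript
// Parse a URL value as an integer; anything else is rejected, never passed on.
function toInt(raw) {
  const n = Number(raw);
  if (!/^-?\d+$/.test(raw) || !Number.isSafeInteger(n)) throw new Error(`not an integer: ${raw}`);
  return n;
}

// Allow-list of filterable columns. nId and nAge come from the post's URL;
// sName is a hypothetical name column.
const FILTERS = new Map([['nId', toInt], ['nAge', toInt], ['sName', String]]);
const MAX_TOP = 100;

function buildUsersQuery(query) {
  const inputs = {};  // parameter name -> value, kept out of the SQL text
  const where = [];
  let top = '';
  let orderBy = '';

  for (const [key, raw] of Object.entries(query)) {
    // Express turns ?nId=1&nId=2 into an array; accept plain strings only.
    if (typeof raw !== 'string') throw new Error(`bad value for ${key}`);

    if (key === 'orderby') {
      const m = /^(\w+?)(?:_(asc|desc))?$/i.exec(raw);
      if (!m || !FILTERS.has(m[1])) throw new Error(`bad orderby: ${raw}`);
      // Identifiers cannot be bound as parameters, so only allow-listed
      // names and a fixed ASC/DESC keyword ever reach the SQL text.
      orderBy = ` ORDER BY [${m[1]}] ${(m[2] || 'asc').toUpperCase()}`;
    } else if (key === 'top') {
      const n = toInt(raw);
      if (n < 1 || n > MAX_TOP) throw new Error(`top must be 1..${MAX_TOP}`);
      inputs.top = n;
      top = 'TOP (@top) ';
    } else if (FILTERS.has(key)) {
      inputs[key] = FILTERS.get(key)(raw);
      where.push(`[${key}] = @${key}`);
    } else {
      throw new Error(`unknown parameter: ${key}`);
    }
  }

  const text = `SELECT ${top}* FROM users` +
    (where.length ? ` WHERE ${where.join(' AND ')}` : '') + orderBy;
  return { text, inputs };
}

// With the mssql package, each entry of `inputs` is bound with
// request.input(name, value) before calling request.query(text).
```

A route handler would call `buildUsersQuery(req.query)` inside a try/catch and answer 400 on any thrown error, so one route covers every combination in the list above.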
