Secure isSpielSession query

b589c929 · Dennis Willers · 9d6713fe · b589c929
Commit b589c929 authored Dec 29, 2020 by Dennis Willers 🏀
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 14 deletions

events.js events.js +18 -14

No files found.
--- a/events.js
+++ b/events.js
@@ -5,10 +5,9 @@ function createRouter(db) {

    // the routes are defined here
    router.post('/addSpielSession', (req, res) => {
-        var spielname = req.body.spielname;
        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
            db.query(
-                'INSERT INTO Spielsession (SessionName) VALUES (\"'+req.body.spielname+'\");',
+                'INSERT INTO Spielsession (SessionName) VALUES (\"'+spielname+'\");',
                (error) => {
                    if (error) {
                        console.error(error);
@@ -24,21 +23,26 @@ function createRouter(db) {
    });

    router.post('/isSpielSession', (req, res) => {
-        db.query(
-            'SELECT SessionName FROM Spielsession WHERE SessionName = \''+req.body.spielname+'\';',
-            (error, results) => {
-                if (error) {
-                    console.log(error);
-                    res.status(500).json({status: 'error'});
-                } else {
-                    if (results.length > 0) {
-                        res.status(200).json({status: 'true'});
+        var spielname = req.body.spielname;
+        if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
+            db.query(
+                'SELECT SessionName FROM Spielsession WHERE SessionName = \''+spielname+'\';',
+                (error, results) => {
+                    if (error) {
+                        console.log(error);
+                        res.status(500).json({status: 'error'});
                    } else {
-                        res.status(200).json({status: 'false'});
+                        if (results.length > 0) {
+                            res.status(200).json({status: 'true'});
+                        } else {
+                            res.status(200).json({status: 'false'});
+                        }
                    }
                }
-            }
-        );
+            );
+        } else {
+            res.status(500).json({status: 'error'});
+        }
    });

    router.get('/SpielSession', function (req, res) {