Commit b589c929 authored by Dennis Willers's avatar Dennis Willers 🏀

Secure isSpielSession query

parent 9d6713fe
Pipeline #285 passed with stages
in 2 minutes and 2 seconds
......@@ -5,10 +5,9 @@ function createRouter(db) {
// the routes are defined here
router.post('/addSpielSession', (req, res) => {
var spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
db.query(
'INSERT INTO Spielsession (SessionName) VALUES (\"'+req.body.spielname+'\");',
'INSERT INTO Spielsession (SessionName) VALUES (\"'+spielname+'\");',
(error) => {
if (error) {
console.error(error);
......@@ -24,21 +23,26 @@ function createRouter(db) {
});
router.post('/isSpielSession', (req, res) => {
db.query(
'SELECT SessionName FROM Spielsession WHERE SessionName = \''+req.body.spielname+'\';',
(error, results) => {
if (error) {
console.log(error);
res.status(500).json({status: 'error'});
} else {
if (results.length > 0) {
res.status(200).json({status: 'true'});
var spielname = req.body.spielname;
if (spielname.match(/^[0-9a-zA-Z]+$/) != null) {
db.query(
'SELECT SessionName FROM Spielsession WHERE SessionName = \''+spielname+'\';',
(error, results) => {
if (error) {
console.log(error);
res.status(500).json({status: 'error'});
} else {
res.status(200).json({status: 'false'});
if (results.length > 0) {
res.status(200).json({status: 'true'});
} else {
res.status(200).json({status: 'false'});
}
}
}
}
);
);
} else {
res.status(500).json({status: 'error'});
}
});
router.get('/SpielSession', function (req, res) {
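Review bot: The SELECT in the isSpielSession handler is still built by string concatenation, so its safety rests entirely on the `/^[0-9a-zA-Z]+$/` check staying exactly this strict. Binding the value removes that dependency, e.g. `db.query('SELECT SessionName FROM Spielsession WHERE SessionName = ?;', [spielname], (error, results) => {`, assuming `db` is a driver with `?` placeholders (mysql/mysql2 style, which this page does not show); the same applies to the INSERT in the addSpielSession hunk. `spielname.match(...)` also throws when `req.body.spielname` is missing or not a string, so a guard such as `if (typeof spielname === 'string' && /^[0-9a-zA-Z]+$/.test(spielname)) {` would be safer. Rejected input would read better as a 400 than the 500 used in the else branch, which makes client errors look like server faults in logs and monitoring. The createRouter function starts and ends outside these hunks.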
......