prepare requests for evenement.controller

073ac6b4 · Fabien Zucchet · c1e25de0 · 073ac6b4
Commit 073ac6b4 authored 4 years ago by Fabien Zucchet
--- a/back/src/controllers/evenement.controller.js
+++ b/back/src/controllers/evenement.controller.js
@@ -43,9 +43,10 @@ function getAdminEvenements(req, res){
 function addNewEvenement(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Event` (`name`, `startDate`, `endDate`) VALUES ('"+req.body.name+"', '"+req.body.startDate+"', '"+req.body.endDate+"');"
+  var query = "INSERT INTO `Event` (`name`, `startDate`, `endDate`) VALUES (?, ?, ?);"
+  var inserts = [req.body.name, req.body.startDate, req.body.endDate];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -57,9 +58,10 @@ function addNewEvenement(req, res){
 function updateEvenementName(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET name = '"+req.body.name+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET name = ? WHERE id=?;"
+  var inserts = [req.body.name, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -71,9 +73,10 @@ function updateEvenementName(req, res){
 function updateEvenementStartDate(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET startDate = '"+req.body.startDate+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET startDate = ? WHERE id=?;"
+  var inserts = [req.body.startDate, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -85,9 +88,10 @@ function updateEvenementStartDate(req, res){
 function updateEvenementEndDate(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET value = "+req.body.endDate+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET value = ? WHERE id=?;"
+  var inserts = [req.body.endDate, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -99,9 +103,10 @@ function updateEvenementEndDate(req, res){
 function DeleteEvenement(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Event SET deleted = 1 WHERE id="+req.body.id+";"
+  var query = "UPDATE Event SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })