prepare requests for objectifs.controller

7f47ef4f · Fabien Zucchet · 073ac6b4 · 7f47ef4f
Commit 7f47ef4f authored 4 years ago by Fabien Zucchet
--- a/back/src/controllers/objectifs.controller.js
+++ b/back/src/controllers/objectifs.controller.js
@@ -43,9 +43,10 @@ function getAdminObjectifs(req, res){

 function addNewObjectif(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Objectif` (`name`, `description`, `value`, `coef`) VALUES ('"+req.body.name+"', '"+req.body.description+"', '"+req.body.value+"', '"+req.body.coef+"');"
+  var query = "INSERT INTO `Objectif` (`name`, `description`, `value`, `coef`) VALUES (?, ?, ?, ?);"
+  var inserts = [req.body.name, req.body.description, req.body.value, req.body.coef];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -57,9 +58,10 @@ function addNewObjectif(req, res){

 function updateObjectifName(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET name = '"+req.body.name+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET name = ? WHERE id=?;"
+  var inserts = [req.body.name, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -71,9 +73,10 @@ function updateObjectifName(req, res){

 function updateObjectifDescription(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET description = '"+req.body.description+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET description = ? WHERE id=?;"
+  var inserts = [req.body.description, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -85,9 +88,10 @@ function updateObjectifDescription(req, res){

 function updateObjectifValue(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET value = "+req.body.value+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET value = ? WHERE id=?;"
+  var inserts = [req.body.value, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -99,9 +103,10 @@ function updateObjectifValue(req, res){

 function updateObjectifCoef(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET coef = "+req.body.coef+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET coef = ? WHERE id=?;"
+  var inserts = [req.body.coef, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -113,9 +118,10 @@ function updateObjectifCoef(req, res){

 function deleteObjectif(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Objectif SET deleted = 1 WHERE id="+req.body.id+";"
+  var query = "UPDATE Objectif SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })