diff --git a/back/src/controllers/equipe.controller.js b/back/src/controllers/equipe.controller.js index b6bfba5a4939725cb8fd65c02e0c29d81e94e1a3..829dca1bdafe89e2e33a29c0ec103f81c413a5ff 100644 --- a/back/src/controllers/equipe.controller.js +++ b/back/src/controllers/equipe.controller.js @@ -80,9 +80,10 @@ function getEquipesByUserId(req, res) { function addNewEquipe(req, res) { var con = mysql.createConnection(dbConfig); - var query = "INSERT INTO `Equipe` (`name`) VALUES ('" + req.body.name + "');" + var query = "INSERT INTO `Equipe` (`name`) VALUES (?);" + var inserts = [req.body.name]; con.connect(); - con.query(query, (err, result) => { + con.query(query, inserts, (err, result) => { if (err) { console.log(err) return res.send({ success: false }) @@ -94,9 +95,10 @@ function addNewEquipe(req, res) { function updateEquipe(req, res) { var con = mysql.createConnection(dbConfig); - var query = "UPDATE Equipe SET name = '" + req.body.name + "' WHERE id=" + req.body.id + ";" + var query = "UPDATE Equipe SET name = ? WHERE id=?;" + var inserts = [req.body.name, req.body.id]; con.connect(); - con.query(query, (err, result) => { + con.query(query, inserts, (err, result) => { if (err) { console.log(err) return res.send({ success: false }) @@ -108,9 +110,10 @@ function updateEquipe(req, res) { function deleteEquipe(req, res) { var con = mysql.createConnection(dbConfig); - var query = "UPDATE Equipe SET deleted = 1 WHERE id=" + req.body.id + ";" + var query = "UPDATE Equipe SET deleted = 1 WHERE id=?;" + var inserts = [req.body.id]; con.connect(); - con.query(query, (err, result) => { + con.query(query, inserts, (err, result) => { if (err) { console.log(err) return res.send({ success: false })