From c1e25de04dea17befee64e480359d0843abde5d1 Mon Sep 17 00:00:00 2001
From: Fabien Zucchet <fabien.zucchet@student-cs.fr>
Date: Tue, 2 Mar 2021 13:42:05 +0100
Subject: [PATCH] prepare requests for equipe.controller
---
 back/src/controllers/equipe.controller.js | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/back/src/controllers/equipe.controller.js b/back/src/controllers/equipe.controller.js
index b6bfba5a..829dca1b 100644
--- a/back/src/controllers/equipe.controller.js
+++ b/back/src/controllers/equipe.controller.js
@@ -80,9 +80,10 @@ function getEquipesByUserId(req, res) {

 function addNewEquipe(req, res) {
 var con = mysql.createConnection(dbConfig);
- var query = "INSERT INTO `Equipe` (`name`) VALUES ('" + req.body.name + "');"
+ var query = "INSERT INTO `Equipe` (`name`) VALUES (?);"
+ var inserts = [req.body.name];
 con.connect();
- con.query(query, (err, result) => {
+ con.query(query, inserts, (err, result) => {
 if (err) {
 console.log(err)
 return res.send({ success: false })
@@ -94,9 +95,10 @@ function addNewEquipe(req, res) {

 function updateEquipe(req, res) {
 var con = mysql.createConnection(dbConfig);
- var query = "UPDATE Equipe SET name = '" + req.body.name + "' WHERE id=" + req.body.id + ";"
+ var query = "UPDATE Equipe SET name = ? WHERE id=?;"
+ var inserts = [req.body.name, req.body.id];
 con.connect();
- con.query(query, (err, result) => {
+ con.query(query, inserts, (err, result) => {
 if (err) {
 console.log(err)
 return res.send({ success: false })
@@ -108,9 +110,10 @@ function updateEquipe(req, res) {

 function deleteEquipe(req, res) {
 var con = mysql.createConnection(dbConfig);
- var query = "UPDATE Equipe SET deleted = 1 WHERE id=" + req.body.id + ";"
+ var query = "UPDATE Equipe SET deleted = 1 WHERE id=?;"
+ var inserts = [req.body.id];
 con.connect();
- con.query(query, (err, result) => {
+ con.query(query, inserts, (err, result) => {
 if (err) {
 console.log(err)
 return res.send({ success: false })
-- 
GitLab
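Review bot: In addNewEquipe, `req.body.name` is placed into `inserts` without a type check, and the same applies to `req.body.name` / `req.body.id` in updateEquipe and `req.body.id` in deleteEquipe. If `mysql` here is the mysqljs driver, a `?` placeholder quotes scalars but expands arrays into value lists and plain objects into `key = value` pairs, so a JSON body carrying a non-scalar value could still change the shape of the statement even with placeholders in place. A guard before `inserts` is built would close that gap, for example `if (typeof req.body.name !== 'string') return res.send({ success: false })` for the name and `const id = Number.parseInt(req.body.id, 10)` followed by a `Number.isInteger(id)` check for the id. Validation done in routing middleware is not visible from these hunks, so this may already be covered elsewhere.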
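Review bot: In updateEquipe, a missing `req.body.id` is bound as-is, and with the mysqljs driver an `undefined` value is presumably escaped as `NULL`, so `WHERE id=?` matches no row and the query completes without an error; deleteEquipe has the same pattern. The success branch of the callback lies outside the hunk, so it is worth confirming that it looks at the result before reporting success, e.g. `if (result.affectedRows === 0) return res.send({ success: false })`. Without that, a request with an absent or unknown id would be reported to the client as a successful update or soft delete.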