prepare requests for equipe.controller

back/src/controllers/equipe.controller.js

@@ -80,9 +80,10 @@ function getEquipesByUserId(req, res) {
 
 function addNewEquipe(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Equipe` (`name`) VALUES ('" + req.body.name + "');"
+  var query = "INSERT INTO `Equipe` (`name`) VALUES (?);"
+  var inserts = [req.body.name];
   con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
     if (err) {
       console.log(err)
       return res.send({ success: false })
@@ -94,9 +95,10 @@ function addNewEquipe(req, res) {
 
 function updateEquipe(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Equipe SET name = '" + req.body.name + "' WHERE id=" + req.body.id + ";"
+  var query = "UPDATE Equipe SET name = ? WHERE id=?;"
+  var inserts = [req.body.name, req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
     if (err) {
       console.log(err)
       return res.send({ success: false })
@@ -108,9 +110,10 @@ function updateEquipe(req, res) {
 
 function deleteEquipe(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Equipe SET deleted = 1 WHERE id=" + req.body.id + ";"
+  var query = "UPDATE Equipe SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
   con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
     if (err) {
       console.log(err)
       return res.send({ success: false })