prepare requests for scores.controller

caaf0bc9 · Fabien Zucchet · 8d6a3294 · caaf0bc9
Commit caaf0bc9 authored 4 years ago by Fabien Zucchet
--- a/back/src/controllers/scores.controller.js
+++ b/back/src/controllers/scores.controller.js
@@ -44,9 +44,10 @@ function getDistanceTotale(req, res){
 function addNewScore(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Score` (`participantId`, `equipeId`, `score`) VALUES ('"+req.body.participant+"', '"+req.body.equipe+"', '"+req.body.score+"');"
+  var query = "INSERT INTO `Score` (`participantId`, `equipeId`, `score`) VALUES (?, ?, ?);"
+  var inserts = [req.body.participant, req.body.equipe, req.body.score];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -58,9 +59,10 @@ function addNewScore(req, res){
 function updateScore(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Score SET participantId = "+req.body.participant+", equipeId = "+req.body.equipe+", score = "+req.body.score+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Score SET participantId = ?, equipeId = ?, score = ? WHERE id=?;"
+  var inserts = [req.body.participant, req.body.equipe, req.body.score, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -72,9 +74,10 @@ function updateScore(req, res){
 function updateScoreScore(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Score SET score = "+req.body.score+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Score SET score = ? WHERE id=?;"
+  var inserts = [req.body.score, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -86,9 +89,10 @@ function updateScoreScore(req, res){
 function updateScoreEquipe(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Score SET equipeId = "+req.body.equipe+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Score SET equipeId = ? WHERE id=?;"
+  var inserts = [req.body.equipe, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -100,9 +104,10 @@ function updateScoreEquipe(req, res){
 function updateScoreParticipant(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Score SET participantId = "+req.body.participant+" WHERE id="+req.body.id+";"
+  var query = "UPDATE Score SET participantId = ? WHERE id=?;"
+  var inserts = [req.body.participant, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -114,9 +119,10 @@ function updateScoreParticipant(req, res){
 function deleteScore(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Score SET deleted = 1 WHERE id="+req.body.id+";"
+  var query = "UPDATE Score SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })