I am trying to store data that has been filled out on form onto a database but it isn't storing.
The goal of this code is use a html file to make a from and once the data has been input, then it will be saved on the server and be displayed on table from the server side. I am currently only able to get the column names to be displayed but no input data-
var express = require('express');
var bodyParser = require("body-parser");
var sqlite3 = require("sqlite3").verbose();
var db = new sqlite3.Database('myDBnaima3');
var app = express();
app.use(express.static('public_html'));
app.use(bodyParser.urlencoded({
extended: false
}));
app.post('/Contact', function (request, response, next) {
let name = request.body.Name;
let email = request.body.Email;
let message = request.body.Message;
//db.run('CREATE TABLE IF NOT EXISTS users (id INTEGER UNIQUE PRIMARY KEY NOT NULL, name TEXT NOT NULL, email TEXT NOT NULL);');
var statement = db.run(`INSERT INTO users (name, email, message) VALUES ("${name}","${email}","${message}");`);
console.log("Information Entered Succesfully!");
res.status(200).redirect('/');
});
app.get('/Contact', function (request, response, next) {
db.all('SELECT * FROM users;', function (error, rows) {
response.write(`<table border=1>`);
response.write("<tr>");
response.write(`<th>ID</th>`);
response.write(`<th>Name</th>`);
response.write(`<th>Message</th>`);
response.write("</tr>");
rows.forEach(row => {
response.write("<tr>");
response.write(`<td>${row["name"]}</td>`);
response.write(`<td>${row["email"]}</td>`);
response.write(`<td>${row["message"]}</td>`);
response.write("</tr>");
});
response.write("</table>");
});
});
app.listen(3000, function () {
console.log("Web server running at: http://localhost:3000 NAIMA IS HERE AGAIN!!!!");
console.log("Type Ctrl+C to shut down the web server");
});
You're not checking if your insert succeeds. It could be failing. You can check with a callback that will be run when the statement finishes, or when there's an error.
Pasting values straight into your SQL makes your code vulnerable to SQL Injection, a very common security problem, and other syntax errors. If, for example, your message contains a " it will break the insert.
You should instead use placeholders.
Putting them together, it's something like this.
db.run(
"INSERT INTO users (name, email, message) VALUES ($name,$email,$message)",
{ $name: name, $email: email, $message: message },
(error) => {
if( error ) {
console.log(`Insert failed: ${error}`);
res.status(500);
}
else {
console.log("Information Entered Succesfully!");
res.status(200).redirect('/');
}
}
);
Your code can be simplified by using db.each.
app.get('/Contact', function(request, response, next) {
response.write(`<table border=1>`);
response.write("<tr>");
response.write(`<th>ID</th>`);
response.write(`<th>Name</th>`);
response.write(`<th>Message</th>`);
response.write("</tr>");
db.each('SELECT * FROM users;', function(error, row) {
response.write("<tr>");
response.write(`<td>${row["name"]}</td>`);
response.write(`<td>${row["email"]}</td>`);
response.write(`<td>${row["message"]}</td>`);
response.write("</tr>");
});
response.write("</table>");
});
This is simpler and more efficient. db.all will slurp all the rows into memory at once potentially using a lot of memory if you have a lot of users. db.each will fetch them one at a time.
Related
I think the table I'm trying to query isn't normalized (not my dataset). Whenever my where clause includes a value that is not a number I get the error below. It's as if the value of the where clause is confused with the column name itself. Now if I change the column to a field that only contains numbers, it executes without error. Any idea as to why this is happening?
name: 'ERROR',
event: 'errorMessage',
number: 207,
state: 1,
class: 16,
message: "Invalid column name 'somestring'.",
serverName: 'server1234\\SQLEXPRESS',
procName: '',
lineNumber: 1
var express = require('express');
var app = express();
app.get('/', function (req, res) {
var sql = require("mssql");
// config for your database
var config = {
user: 'username',
password: 'password',
server: 'server1234',
database: 'dbname1234'
};
// connect to your database
sql.connect(config, function (err) {
if (err) console.log(err);
// create Request object
var request = new sql.Request();
// query to the database and get the records
request.query('select * from dbo.recordset3 where column4=somestring', function (err, recordset) {
if (err) console.log(err)
// send records as a response
res.send(recordset);
});
});
});
var server = app.listen(5000, function () {
console.log('Server is running..');
});```
Solved! when using where you need to use escaped single quotes.
where column4 = \'somestring\'
request.query(('select * from users WHERE username=' + '\'' + req.body.username + '\''), function (err, recordset) {
U should use request.input function to pass values to query to avoid sql injection attempts.
https://www.npmjs.com/package/mssql#input-name-type-value
https://www.npmjs.com/package/mssql#sql-injection
// create Request object
var request = new sql.Request();
//use request.input
request.input('column4',sql.VarChar,"somestring");
// query to the database and get the records
request.query('select * from dbo.recordset3 where column4=#column4', function (err, recordset) {
if (err) console.log(err)
// send records as a response
res.send(recordset);
});
What I need to do:
I want to get First_Name from user.js which the user selected into identity.js file to store it in another MySQL table. It will be also good that after using it, will goes/empty to prevent a memory leak. Thankful for any help.
What I have:
********server/app.js*********
const express = require('express');
const app = express();
const addUser = require('./routes/user');
const identity = require('./routes/identity');
const port = 8080;
const cors = require('cors');
app.use(cors());
// routes for the app
app.post('/add', addUser);
app.use('/identity', identity);
// set the app to listen on the port
app.listen(port, () => {
console.log(`Server running on port: ${port}`);
});
*******user.js******
module.exports = {
addUser: (req, res) => {
let First_Name = req.body.First_Name;
let Last_Name = req.body.Last_Name;
let query = "INSERT INTO `user` (First_Name, Last_Name) VALUES ('" +
First_Name + "', '" + Last_Name + "')";
db.query(query, (err, result) => {
if (err) {
return res.status(500).send(err);
}
res.send('Success');
console.log('User Created successfully !');
});
}
};
******identity.js*********
const identity = express.Router();
//Store the selected option from Radiobutton in MySQL into another table
identity.post('/', (req, res) => {
let selection = req.body.selectedOption;
//***here I want to get First_Name which user selected in user.js***
//const query = "INSERT INTO `document` (First_Name , selection ) VALUES ('" + First_Name + "','" + selection + "')";
db.query(query, (err, _result) => {
if (err) {
return res.status(500).send(err);
}
res.send('Success');
console.log('stored successfully !');
});
});
module.exports = identity;
Extract your database post into its own function and give it an interface (query) => Promise. At the moment you are writing to the database and to a response in one place.
Make the new database function return a Promise that it will resolve or reject based on the outcome of posting to the database.
Then in the post handler, call the function and respond to the web request based on the Promise outcome.
Export the database function. Import it from the user module, and use it there.
Make your functions do one thing only and give them interfaces that expose that. Your database post takes the query to post and returns a statement about the outcome.
Your handler takes a request, calls functions that do things, and responds based on the outcomes. Both the handlers will have that shape once you move that db function out.
It is controller / service separation of concerns.
I know this question have many duplicates, but I have already wasted too much time searching for the right solution.
First take a look at my Node.JS:
var express = require('express');
var app = express();
app.get('/', function (req, res) {
var sql = require("mssql");
// config for your database
var config = {
user: 'myuser',
password: 'mypass',
server: 'myip',
database: 'mydatabase'
};
sql.close();
// connect to your database
sql.connect(config, function (err) {
if (err) console.log(err);
var dataqu = '';
// create Request object
var request = new sql.Request();
// query to the database and get the records
request.query("select * from AR_Invoices", function (err, recordset) {
if (err) console.log(err)
res.json(recordset);
sql.close();
});
});
});
var server = app.listen(5000,'0.0.0.0', function () {
console.log('Server is running..');
});
This code runs fine, but the json result structure is like this :
{"recordsets":[[{"Tipe":"Invoices","InvoiceID":411891,"InvoiceNumber":"SR.1701.0001"}]],"recordset":[{"Tipe":"Invoices","InvoiceID":411891,"InvoiceNumber":"SR.1701.0001"}],"output":{},"rowsAffected":[1]}
I don't know why but for some reason the result is always resulting in duplicate.
And how to just select InvoiceID and InvoiceNumber ?
I already tested using recordset.InvoiceID or recordset[0].InvoiceID but all is always in vain, and the result always in duplicate.
Can anyone explain how to do this properly?
I want the final result became like this :
[
{ "InvoiceID":"1", "InvoiceNumber":"mynumber" }
]
For the future reference, i finally got how to do this here is my full code
var express = require('express');
var app = express();
var dateFormat = require('dateformat');
app.get('/', function (req, res) {
var sql = require("mssql");
// config for your database
var config = {
user: 'myuser',
password: 'mypassword',
server: 'myip',
database: 'mydb'
};
sql.close();
// connect to your database
sql.connect(config, function (err) {
if (err) console.log(err);
// create Request object
var request = new sql.Request();
// query to the database and get the records
request.query("select top 2 'Invoices' as Tipe,InvoiceID,InvoiceNumber,InvoiceDate,(select top 1DriverPicture from dbDigitalApp.dbo.tbdriver) as Blob from AR_Invoices", function (err, result) {
if (err) console.log(err)
var myarr = new Array();
for (var i = 0; i < result.recordset.length; ++i) {
var InvoiceNumber = result.recordset[i].InvoiceNumber;
var InvoiceDate = dateFormat(result.recordset[i].InvoiceDate, "dd mmmm yyyy");
var Blob = result.recordset[i].Blob;
myarr.push({'InvoiceNumber':InvoiceNumber,'InvoiceDate':InvoiceDate,'Blob':Buffer.from(Blob).toString('base64')});
}
res.json(myarr);
sql.close();
});
});
});
var server = app.listen(5000,'0.0.0.0', function () {
console.log('Server is running..');
});
and the result of above code is like this :
answers
with above code you can get specific field only and do whatever you want with those specific data, such as change date format or encode base64.
i don't know if this the cleanest way to do this since the node.js has its own function using res.json that can set all field of retrieved data without need to loop through it.
But at least here is my kind of solution, hope it will be helpful to there future people who wondering the same thing like me.
I'm using node and postgres, I'm new to writing async function, what I'm trying to do is a very simple query that will do a total count of records in the database, add one to it and return the result. The result will be visible before the DOM is generated. I don't know how to do this, since async function doesn't return value to callers (also probably I still have the synchronous mindset). Here's the function:
function generateRTA(callback){
var current_year = new Date().getFullYear();
const qry = `SELECT COUNT(date_part('year', updated_on))
FROM recruitment_process
WHERE date_part('year', updated_on) = $1;`
const value = [current_year]
pool.query(qry, value, (err, res) => {
if (err) {
console.log(err.stack)
} else {
var count = parseInt(res.rows[0].count) + 1
var rta_no = String(current_year) + '-' + count
callback(null, rta_no)
}
})
}
For the front-end I'm using pug with simple HTML form.
const rta_no = generateRTA(function (err, res){
if(err){
console.log(err)
}
else{
console.log(res)
}
})
app.get('/new_application', function(req, res){
res.render('new_application', {rta_number: rta_no})
});
I can see the rta_no in console.log but how do I pass it back to the DOM when the value is ready?
Based on the ajax call async response, it will update the div id "div1" when it gets the response from the Node js .
app.js
app.get("/webform", (req, res) => {
res.render("webform", {
title: "Render Web Form"
});
});
app.get("/new_application", (req, res) => {
// Connect to database.
var connection = getMySQLConnection();
connection.connect();
// Do the query to get data.
connection.query('SELECT count(1) as cnt FROM test ', function(err, rows, fields) {
var person;
if (err) {
res.status(500).json({"status_code": 500,"status_message": "internal server error"});
} else {
// Check if the result is found or not
if(rows.length==1) {
res.status(200).json({"count": rows[0].cnt});
} else {
// render not found page
res.status(404).json({"status_code":404, "status_message": "Not found"});
}
}
});
// Close connection
connection.end();
});
webform.pug - Via asynchronous call
html
head
script(src='https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js')
script.
$(document).ready(function(){
$.ajax({url: "/new_application", success: function(result){
$("#div1").html(result.count);
}});
});
body
div
Total count goes here :
#div1
value loading ...
That seems okay, I'm just not sure of this:
The result will be visible before the DOM is generated
This constraint defeats the purpose of async, as your DOM should wait for the returned value to be there. Instead of waiting for it you could just render the page and once the function returns and runs your callback update the value.
Also, perhaps it's worth having a look into promises
I am using express as my webserver for node and everything seems to be working correctly. The only problem I am encoutering is when I load a specific page ('/learn' route) 10 times repeatedly. Once I do this, express seems to stop working, although no error is logged to the console and nothing wrong is displayed on the page. It just keeps waiting for the host in the browser. What is weird is that the problem doesn't occur if I go from the page with the problem to another page, and then back again. I can repeat this as much as I want without error. Here is my route with the problem:
var bcrypt = require('bcrypt');
var pool = require('../database.js').pool;
module.exports = function(app) {
app.get('/learn', function(req, res, next) {
var query = 'SELECT * FROM questions INNER JOIN answers ON questions.questionID = answers.questionID';
pool.getConnection(function(err, connection) {
connection.query(query, function(err, rows) {
if (err) {
throw err;
}
var data = {
name: req.session.name,
problems: rows,
};
res.render('learn.html', data);
});
});
});
app.post('/learn/checkAnswer', function(req, res) {
//get posted form data
var questionID = req.body.questionID;
var selectedAnswer = req.body.selectedAnswer;
//query database
pool.getConnection(function(err, connection) {
var query = connection.query('SELECT correctAnswer FROM questions WHERE questionID = ?', questionID, function(err, rows) {
res.send({
correctAnswer: rows[0].correctAnswer
});
});
});
});
};
I'm not sure if this makes a difference, but I am using handlebars as my rendering engine instead of jade, as well as node-mysql for my database.
10 is the default size of the node-mysql pool. And since you're not ending the connections retrieved with pool.getConnection, the 11th request will wait indefinitely for a free connection.
Easy to fix:
connection.query(query, function(err, rows) {
connection.end(); // end the connection as soon as possible,
// so it's returned to the pool and can be reused.
if (err) ...
});