Hi,

I will mention that this piece of code has a big security issue. You should never combine a SQL query string with your parameter directly. If email is a string like

' OR 1=1 --

you will log in without any login information. For more information see https://en.wikipedia.org/wiki/SQL_injection. Use a SQL library that supports SQL prepared statements.

Another problem is that it seems that you store the password in plain text. You shouldn't do this because of security issues. Store passwords as a hash and, before querying the database, hash the given password too. This post explains how to do it in node: http://lollyrock.com/articles/nodejs-sha512/

Thomas

On 19.04.2017 at 13:59, [email protected] wrote:
> function login(email, password, callback){
>     var email = email.trim().toLowerCase();
>     var password = password.trim();
>
>     var queryString = "SELECT * FROM users where Email ="+"'"+email+"' AND Password = '"+password+"'";
>
>     con.query(queryString, function(err, rows){
>         if(err){
>             throw err;
>         }
>         callback(rows);
>     });
> };
>
> login('[email protected]', 'Password', function(results){
>     con.end();
>     // Do stuff with results
> });
>
> On Tuesday, March 28, 2017 at 5:58:47 AM UTC+5:30, SURAJ KUMAR CHANDRA wrote:
> > How do you guys use node js vars. Please refer to red marking. I am declaring variable at one place trying to use at another place, simply not working.
> >
> > function login(email,password){ // Returns the login data row
> >     var email = email.trim().toLowerCase();
> >     var password = password.trim();
> >
> >     var result = []; // *Declaring here*
> >
> >     //var queryString = "SELECT * FROM users where Email ="+"'"+email+"'"+ AND Password = +"'"+password+"'";
> >     var queryString = "SELECT * FROM users where Email ="+"'"+email+"' AND Password = '"+password+"'";
> >
> >     //var execQuery = function execQuery(){
> >     con.query(queryString,function(err,rows){
> >         if(err) throw err;
> >
> >         // console.log('Data received from Db:\n');
> >         //result = result.push('SUCCESS','0000','Data',rows)
> >         //console.log(rows);
> >         result = rows; // *Want to use here*
> >         //return rows;
> >
> >     });
> >
> >     con.end();
> >
> >     //}
> >     //console.log('Outside function block: '+execQuery());
> >     return result; // *want to see here*
> > }
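An added example, not code from anyone in this thread: the login from the quoted messages rewritten so the email travels as a `?` placeholder value and the password is checked against a stored hash. Assumptions: `makeFakeCon` is a constructed stand-in for a mysql-style connection so the block runs offline, the `Salt` and `Hash` columns and the address `user@example.com` are hypothetical, and salted scrypt from Node's built-in `crypto` is used in place of the SHA-512 approach in the linked post.

```javascript
// Added example. The connection below is a constructed stand-in for a
// mysql-style `con` so the block runs offline; a real driver binds `?` itself.
const crypto = require('crypto');

// Salted scrypt hash (assumption: stored per user in Salt and Hash columns).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 64) };
}

// Constructed fake: one user row; records every query it is handed.
function makeFakeCon() {
  const stored = hashPassword('Password');
  const rows = [{ Email: 'user@example.com', Salt: stored.salt, Hash: stored.hash }];
  const log = [];
  return {
    log,
    query(sql, params, cb) {
      log.push({ sql, params });
      // Placeholder values are compared as data, never parsed as SQL.
      cb(null, rows.filter((r) => r.Email === params[0]));
    },
  };
}

// Look the user up by email with a placeholder, then verify the hash in code.
function login(con, email, password, callback) {
  const sql = 'SELECT Email, Salt, Hash FROM users WHERE Email = ?';
  con.query(sql, [email.trim().toLowerCase()], (err, rows) => {
    if (err) return callback(err);
    if (rows.length !== 1) return callback(null, false);
    const { hash } = hashPassword(password, rows[0].Salt);
    callback(null, crypto.timingSafeEqual(hash, rows[0].Hash));
  });
}

// Demo helper: the fake calls back synchronously, so the result can be captured.
function tryLogin(con, email, password) {
  let outcome;
  login(con, email, password, (err, ok) => { outcome = err ? err : ok; });
  return outcome;
}

const con = makeFakeCon();
console.log(tryLogin(con, 'user@example.com', 'Password'));
console.log(tryLogin(con, "' OR 1=1 -- ", 'anything'));
```

With a real driver the callback fires asynchronously, so the result has to be consumed inside the callback, as in the quoted reply, and not returned from `login`.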
