asdf
parent
4fa2917f26
commit
f891b486df
|
@ -31,9 +31,10 @@ PGPASSWORD=asdfpassword
|
||||||
|
|
||||||
## Server
|
## Server
|
||||||
|
|
||||||
!only listening on localhost is supported. DO NOT run this on a public ip.
|
!only listening on localhost is supported. DO NOT run this on a public ip.
|
||||||
|
|
||||||
- `/health`
|
- `/health`
|
||||||
|
- `/health-db`
|
||||||
- `/setup-demo-db`
|
- `/setup-demo-db`
|
||||||
- `/nuke-db`
|
- `/nuke-db`
|
||||||
- `/fetch-all-users`
|
- `/fetch-all-users`
|
||||||
|
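Review bot: the new `/health-db` entry in the endpoint list says nothing about what it checks or returns. Since the same README carries `PGPASSWORD=asdfpassword` (visible in the hunk header context), add a line stating that the endpoint reports only an up/down status and never echoes the connection string or raw database error text. It would also help to mark `/setup-demo-db` and `/nuke-db` as state-changing next to the localhost-only warning, so readers can tell the read-only checks from the destructive routes.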
@ -49,7 +50,7 @@ PGPASSWORD=asdfpassword
|
||||||
#### 1. Parameterization of Queries
|
#### 1. Parameterization of Queries
|
||||||
|
|
||||||
Used `pool.Query()` with a parameterized query, instead of dynamically constructing the SQL query by directly inserting the user input.
|
Used `pool.Query()` with a parameterized query, instead of dynamically constructing the SQL query by directly inserting the user input.
|
||||||
Parameterized queries separate the SQL code from the data, so user input is never directly put into the query's structure. Placeholders are used instead, and the data is passed as parameters. The DB will treat them as data, not executable code.
|
Parameterized queries separate the SQL code from the data, so user input is never directly put into the query's structure. Placeholders are used instead, and the data is passed as parameters. The DB will treat them as data, not executable code.
|
||||||
|
|
||||||
#### 2. Input Validation and Query Type Restriction
|
#### 2. Input Validation and Query Type Restriction
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
import { Server } from "http";
|
|
||||||
import { atom } from "jotai";
|
import { atom } from "jotai";
|
||||||
|
|
||||||
// store which page the user is currently on
|
// store which page the user is currently on
|
||||||
|
|
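Review bot: the dropped `import { Server } from "http";` on line 1 is a Node built-in in a module that otherwise only imports `atom` from jotai for page state, so removing it is right, but confirm nothing further down the file still references `Server`. The commit message "asdf" covers this cleanup and the README endpoint change together without describing either; split them or write a message that names both. An unused-import lint rule would catch this kind of stray import before it is committed.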