I'm really struggling to find a way to safely add my Variables into an MSSQL server.
I've tried everything. Could someone please help me and provide the solution for adding my Variables into the Database?
It is crucial that I prevent any possibility of SQL-injection.
app.post('/addUser', addUser)
async function addUser(req, res) {
let pool;
const bodylength = req.body.length;
console.log(bodylength)
for (let index = 0; index < bodylength; index++) {
const id = req.body[index].id;
const first_name = req.body[index].first_name;
const last_name = req.body[index].last_name;
const active = switchToBool(req.body[index].active);
console.log(id, first_name, last_name, active)
try {
pool = await sql.connect(config);
const request = pool.request();
request.input('id', sql.Int, id)
request.input('first_name', sql.VarChar(50), first_name);
request.input('last_name', sql.VarChar(50), last_name);
request.input('active', sql.Bit, active);
request.query(`INSERT INTO test (Id, first_name, last_name, active) VALUES (id,first_name,last_name,active)`)
} catch (error) {
return res.status(500).send(error)
}
res.status(200)
}
}
Regardless of what I attempt, I keep encountering a 500 error or UnhandledPromiseRejectionWarning: RequestError: Invalid column name 'active'.