1

So i have this:

var dates = {
    monday: req.body.monday,
    tuesday: req.body.tuesday,
    wednesday: req.body.wednesday,
    thursday: req.body.thursday,
    friday: req.body.friday,
    saturday: req.body.saturday,
    sunday: req.body.sunday
}

    console.log(Object.values(dates))

the way this works is you can select a checkbox on the front end, and all the results will be sent to the backend regardless if you checked it or not. Now, i need to sort through those results to only insert the ones that were selected (they don't have defined values, like the array response below).

in the for loop result set, i it gets returned as so:

    [
  '2',       undefined,
  undefined, undefined,
  undefined, undefined,
  '1'
    ]

as you can see, 5/7 are undefined. So i have a standard insert query into SQL, but i need to insert only the values that are defined. so in my head i am thinking insert into clients where Object.values(dates) != undefined, but i know thats not right, especially cause that's now the way the sql query works lol.

I have this:

var addclient = "insert into clients (NAME, EMAIL, PHONE_NUMBER, TRAINER_NAME, HOUR, MINUTE, DATES) values ('" + name + "', '" + email + "', '" + phonenumber + "', '" + req.session.username + "', '" + hour + "', '" + minute + "', '" + dates + "')";

how can i do this?

Improve this question
5
  • 1
    What are you expecting "dates" to be turned into for the string in the database? Commented Nov 1, 2021 at 17:29
  • 1
    It's not clear what you're trying to do, for example what's the type of DATES in the DB ? from the query you put one would assume it's a JSON. Is the query executed in a loop ? Commented Nov 1, 2021 at 17:31
  • @Digglit just updated to explain more. Commented Nov 1, 2021 at 17:31
  • @developerg1000 it's still unclear as to what you're hoping the end result in your database will look like. Can you post an example of what a string will appear as? Commented Nov 1, 2021 at 17:36
  • 2
    If you want your array to just have the values that are not undefined, just filter them out. console.log(Object.values(dates).filter(el=> !!el)) Commented Nov 1, 2021 at 17:38

2 Answers 2

Reset to default
1

Besides the actual question, using unsanitzed input to create a sql string in the way it is shown in the snippet is a huge risk. It allows an attacker to perform a sql injection. See more here: https://owasp.org/www-community/attacks/SQL_Injection

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If you're hoping to insert the values as a comma delineated string, you can accomplish that by doing the following:

const formattedString = Object.values(dates).filter(el => el).join(', ');
var addclient = "insert into clients (NAME, EMAIL, PHONE_NUMBER, TRAINER_NAME, HOUR, MINUTE, DATES) values ('" + name + "', '" + email + "', '" + phonenumber + "', '" + req.session.username + "', '" + hour + "', '" + minute + "', '" + formattedString + "')";

Notice that I changed the "dates" in your insert method to the new "formattedString". Given your example, formattedString would be "2, 1".

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.