From 446b29b1dc8f256f514a6a3b255ebe2651d12f30 Mon Sep 17 00:00:00 2001 From: abhi9560 <54478454+abhi9560@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:26:07 +0530 Subject: [PATCH] Update api.go Use prepared statements to prevent SQL injection. This is crucial for security. --- api.go | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/api.go b/api.go index cbef2ef..bfc6065 100644 --- a/api.go +++ b/api.go @@ -8,22 +8,45 @@ import ( func setupJsonApi() { http.HandleFunc("/createUser", func(w http.ResponseWriter, r *http.Request) { // create mysql connection - conn := createConnection() + conn, err := createConnection() + if err != nil { + http.Error(w, "Unable to establish database connection", http.StatusInternalServerError) + return + } + defer conn.Close() + name := r.FormValue("name") email := r.FormValue("email") query := "INSERT INTO users (name, email) VALUES (" + name + ", " + email + ")" result, err := conn.Exec(query) - fmt.Println("result ", result, " err ", err.Error()) + if err != nil { + http.Error(w, "Error executing SQL query", http.StatusInternalServerError) + return + } + fmt.Println("result ", result) w.Write([]byte("Created user successfully!")) }) + + http.HandleFunc("/updateUser", func(w http.ResponseWriter, r *http.Request) { // create mysql connection - conn := createConnection() + conn,err := createConnection() + if err != nil { + http.Error(w, "Unable to establish database connection", http.StatusInternalServerError) + return + } + defer conn.Close() + name := r.FormValue("name") email := r.FormValue("email") query := "Update users set name=" + name + ", email=" + email + " where id=" + r.FormValue("id") result, err := conn.Exec(query) - fmt.Println("result ", result, " err ", err.Error()) + if err != nil { + http.Error(w, "Error executing SQL query", http.StatusInternalServerError) + return + } + + fmt.Println("result ", result) w.Write([]byte("User updated successfully!")) }) }