我一直在使用来自SQL Server数据库的Express.js测试Apis。有了get,我就没有问题,但是我无法发布。
到目前为止,这是y代码:
const express = require('express');
const bodyParser = require('body-parser');
const sql = require('mssql');
const app = express();
app.use(bodyParser.json());
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, contentType,Content-Type, Accept, Authorization");
next();
});
const server = app.listen(process.env.PORT || 8080, function () {
var port = server.address().port;
console.log("App now running on port", port);
});
const dbConfig = {
user: "daUser",
password: "daPass",
server: "daServer",
database: "DaDB"
}
const executeQuery = function (res, query) {
sql.connect(dbConfig, function (err) {
if (err) {
console.log(err);
res.send(err);
}
else {
// create Request object
var request = new sql.Request();
// query to the database
request.query(query, function (err, result) {
if (err) {
console.log(err);
res.send(err);
}
else {
res.send(result);
}
});
}
});
}
app.get("/api/HolidayBaseApi", function (req, res) {
var query = "SELECT * FROM [HolidaysBase]";
executeQuery(res, query);
})
app.post("/api/HolidayBaseApi", function (req, res) {
var query = "INSERT INTO [HolidaysBase] (EmployeeNumber, PeriodBegin, PeriodEnd, WorkedYears, DaysPerYear, TakenDays, RemainingDays) VALUES (req.body.EmployeeNumber, req.body.PeriodBegin, req.body.PeriodEnd, req.body.WorkedYears, req.body.DaysPerYear, req.body.TakenDays, req.body.RemainingDays)";
executeQuery(res, query);
})
当我尝试发布帖子时,出现错误消息:
The multi-part identifier \"req.body.RemainingDays\" could not be bound.
错误列出了我所有具有相同错误的字段。每个字段的格式都很好。我在邮递员中发送这样的数据:
{
"EmployeeNumber": "9",
"PeriodBegin": "2018-10-15",
"PeriodEnd": "2019-10-15",
"WorkedYears": "6",
"DaysPerYear": "18",
"TakenDays": "0",
"RemainingDays": "18"
}
有人知道为什么不让我发布信息吗?
我正在使用Javascript,Express.js,Node。
---版本---
我找到了两种解决方案。接下来的第一个解决方案:
app.post("/api/HolidayBaseApi", function (req, res) {
var query = "INSERT INTO [HolidaysBase] (EmployeeNumber, PeriodBegin, PeriodEnd, WorkedYears, DaysPerYear, TakenDays, RemainingDays) VALUES ('"+req.body.EmployeeNumber+"','"+req.body.PeriodBegin+"','"+req.body.PeriodEnd+"','"+req.body.WorkedYears+"','"+req.body.DaysPerYear+"','"+req.body.TakenDays+"','"+req.body.RemainingDays+"')";
executeQuery(res, query);
});
使用这样的代码,我可以发布帖子。但是有一些评论认为这种方式有点危险,因为它更容易获得SQL攻击注入。并找到了另一个解决方案:在const executeQuery
上需要像这样添加parameters
:
const executeQuery = function (res, query, parameters) {
sql.connect(dbConfig, function (err) {
if (err) {
console.log(err);
res.send(err);
}
else {
// create Request object
var request = new sql.Request();
// query to the database
parameters.forEach(function (p) {
request.input(p.name, p.sqltype, p.value);
});
request.query(query, function (err, result) {
if (err) {
console.log("Error al correr query en la base: " + err);
res.send(err);
}
else {
res.send(result);
sql.close();
}
});
}
});
}
然后,在app.post
上:
app.post("/api/HolidayBaseApi", function (req, res) {
var parameters = [
{ name: 'EmployeeNumber', sqltype: sql.Int, value: req.body.EmployeeNumber },
{ name: 'PeriodBegin', sqltype: sql.VarChar, value: req.body.PeriodBegin },
{ name: 'PeriodEnd', sqltype: sql.VarChar, value: req.body.PeriodEnd },
{ name: 'WorkedYears', sqltype: sql.Int, value: req.body.WorkedYears },
{ name: 'DaysPerYear', sqltype: sql.Int, value: req.body.DaysPerYear },
{ name: 'TakenDays', sqltype: sql.Int, value: req.body.TakenDays },
{ name: 'RemainingDays', sqltype: sql.Int, value: req.body.RemainingDays },
];
var query = "INSERT INTO [HolidaysBase] (EmployeeNumber, PeriodBegin, PeriodEnd, WorkedYears, DaysPerYear, TakenDays, RemainingDays) VALUES (@EmployeeNumber, @PeriodBegin, @PeriodEnd, @WorkedYears, @DaysPerYear, @TakenDays, @RemainingDays)";
executeQuery(res, query, parameters);
});
它也可以这样