[英]website timeout after adding a .inv to req,session
I am trying to add a unique ID to my req.session
but when the function executes if I want to go to another page it timeout due to infinite loading.我正在尝试向我的
req.session
添加一个唯一 ID,但是当 function 执行时,如果我想将 go 无限加载到另一个页面,它会超时。 Is there a way to do this correctly?有没有办法正确地做到这一点?
app.use(function (req, res, next) {
if (req.query.inv) {
sql.query(`SELECT * FROM inv WHERE inv='${req.query.inv}';`, (error, result) => {
if(error) console.log(error);
if(result.length < 1) {
req.session.inv= '';
next()
} else {
req.session.inv = `?inv=${req.query.inv}`;
console.log(req.session.inv);
next()
}
});
} else {
if(!req.session.inv) {
req.session.inv= '';
next()
}
}
});
You have a middleware which must call next()
when complete so that the next middleware in the stack can be called.您有一个中间件,完成后必须调用
next()
以便可以调用堆栈中的下一个中间件。 See Express's Using middleware documentation.请参阅 Express 的使用中间件文档。
Take a look at your logic - if inv
is not in your query string but does exist in your session, then next()
is never called.看看你的逻辑 - 如果
inv
不在你的查询字符串中但确实存在于你的 session 中,那么next()
永远不会被调用。 This aligns with the issue you are having - you add inv
to your session, and then on your next page load you will be forever stuck in your middleware.这与您遇到的问题一致 - 您将
inv
添加到 session,然后在您的下一页加载时,您将永远卡在中间件中。 You would instead want logic like this:你会想要这样的逻辑:
app.use(function (req, res, next) {
if (req.query.inv) {
/* .... */
} else if (!req.session.inv) {
req.session.inv= '';
}
next(); // this makes sure that next() always gets called
});
You also have a glaring SQL Injection risk because you are taking a raw query string value and passing it directly into your query.您还有一个明显的SQL 注入风险,因为您正在获取原始查询字符串值并将其直接传递到您的查询中。 What you want is a parameterized query - I linked to node-postgres documentation even though I'm not sure what database you are actually using.
你想要的是一个参数化查询- 我链接到 node-postgres 文档,即使我不确定你实际使用的是什么数据库。 As of now your query is not safe.
到目前为止,您的查询不安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.