1
我創建了這個代碼插入數據到數據庫使用nodejs和mysql ,這是工作和數據插入,但問題的網頁仍然重新加載,並永遠不會停止後,我點擊提交按鈕,併發送相同的值一次以上到數據庫nodejs頁面沒有停止重新加載
server.js
var express = require('express');
var app = express();
var server = require('http').createServer(app);
bodyParser = require('body-parser');
var mysql = require('mysql');
var connection = mysql.createConnection({
host: 'localhost',
database: 'chmult',
user: 'root',
password: '',
});
users = [];
connections = [];
app.get('/', function(req, res){
res.sendFile(__dirname + '/');
});
app.use(bodyParser.urlencoded({
extended: true
}));
/**bodyParser.json(options)
* Parses the text as JSON and exposes the resulting object on req.body.
*/
app.use(bodyParser.json());
connection.connect();
app.post("/", function (req, res) {
console.log(req.body.user.username)
connection.query("Insert into tesko (username) VALUES ('"+req.body.user.username+"')")
});
app.listen(3231);
console.log('Example app listening at port:3000');
html代碼
<html>
<form method="post" action="">
<input type="text" name="user[username]">
<input type="submit" value="Submit">
</form>
</html>
將用戶輸入盲目連接到SQL查詢中正在尋求注入攻擊。 **不要做這個** – mscdex