webahead1 / onshop
[Project #2] a web-store that allows ordering and registering to the website. by: Abdallah, Hiba and Moamen
the .env file is supposed to be a secret file, a file which contains settings for an environment but also sensitive details (in the future it might contain passwords and access to APIs which cost money)
to hide it you might need to do the following: `.gitignore` file
Lines 11 to 22 in 16d1134
Also the userid field in the cart should be a foreign key that references the users table.
only seen the server.js
and the code is not as neat as it could be, the fastest way to fix this and make life easy is to install the prettier extension on vscode (and make sure it's set to format on save), once you hit save you will see what I mean by the code being more neat.
if you have any trouble getting prettier to work on your vscode ask a mentor
https://github.com/webAhead1/onShop/blob/master/server.js#L73
This is very dangerous because it's prone to an sql injection, I'll give an example of what is the problem.
In the following query you are taking an email that a user has written down and adding it to the db, but what if the user is a hacker that instead of writing a valid email wrote the following `1; DROP DATABASE; --`. The `1;` is to stop the current command and write a new one, the new command `DROP DATABASE;` (this is not the correct syntax but you get the point) would delete the database and all of our tables, and then the `--` would comment out the rest of the query.
refer to this workshop on how to fix this https://github.com/WebAhead/learn-node-postgres#sql-injection
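The difference between the concatenated query and a parameterized one, as an added example that is not code from the onShop repository or from the comment above. The `users` table, the `email` column, the function names and the input string are assumptions constructed for illustration, and the recording client is a stand-in that mimics the `query(text, values)` call of node-postgres so the block runs without a database.

```javascript
// Constructed stand-in for a node-postgres client: records what would be sent.
function makeRecordingClient() {
  const sent = [];
  return {
    sent,
    query(text, values = []) {
      sent.push({ text, values });
      return Promise.resolve({ rows: [] });
    },
  };
}

// Vulnerable shape: user input becomes part of the SQL text itself.
function insertEmailUnsafe(client, email) {
  return client.query("INSERT INTO users (email) VALUES ('" + email + "');");
}

// Fixed shape: the SQL text is constant, the input travels separately as $1.
function insertEmailSafe(client, email) {
  return client.query("INSERT INTO users (email) VALUES ($1);", [email]);
}

// Rough statement counter for this demo only: splits on ';' outside single
// quotes and stops at a '--' comment.
function countStatements(sql) {
  let inQuote = false, current = "", count = 0;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (ch === "'") inQuote = !inQuote;
    if (!inQuote && ch === "-" && sql[i + 1] === "-") break;
    if (!inQuote && ch === ";") {
      if (current.trim()) count++;
      current = "";
    } else {
      current += ch;
    }
  }
  return count + (current.trim() ? 1 : 0);
}

// Sends the same input through both shapes and reports what the database sees.
function compare(email) {
  const client = makeRecordingClient();
  insertEmailUnsafe(client, email);
  insertEmailSafe(client, email);
  const [unsafe, safe] = client.sent;
  return { unsafeStatements: countStatements(unsafe.text),
           safeStatements: countStatements(safe.text), safeValues: safe.values };
}

// Constructed input, adapted from the string in the text so it closes the quote.
console.log(compare("a@b.c'); DROP TABLE users; --"));
```

With the parameterized form the whole input arrives as one value for `$1`, so the database never parses it as SQL.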
https://github.com/webAhead1/onShop/blob/master/server.js#L45-L57
the controller or handler that I linked above has no response, when you call this the server would hang or get stuck