Use prepared statement for limit/offset when getting multiple users a…

…nd order them by userId.
ftab · Aug 2, 2024 · ecc1de1 · ecc1de1
1 parent 4cb1d79
commit ecc1de1
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 3 deletions.
diff --git a/config.js.example b/config.js.example
@@ -6,7 +6,7 @@ const config = {
     database: "ircbot",
     connectTimeout: 60000
   },
-  listPerPage: 100,
+  listPerPage: '100',
 };
 
 module.exports = config;
diff --git a/helper.js b/helper.js
@@ -1,5 +1,5 @@
 function getOffset(currentPage = 1, listPerPage) {
-  return (currentPage - 1) * [listPerPage];
+  return '' + (currentPage - 1) * [listPerPage];
 }
 
 function emptyOrRows(rows) {

diff --git a/services/users.js b/services/users.js
@@ -6,7 +6,8 @@ async function getMultiple(page = 1){
   const offset = helper.getOffset(page, config.listPerPage);
   const rows = await db.query(
     `SELECT userId, nickname
-    FROM user LIMIT ${offset},${config.listPerPage}`
+    FROM user ORDER BY userId LIMIT ?,?`,
+    [offset, config.listPerPage]
   );
   const data = helper.emptyOrRows(rows);
   const meta = {page};