raul
/
drahoot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Check if ID is valid number before processing

This commit is contained in:
raul 2024-12-12 11:25:22 +01:00
parent da654e571b
commit 304eb928eb
Signed by: raul
GPG Key ID: C1AA797073F17129
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
cmd/serverFunc.go
View File

@ -7,6 +7,7 @@ import (
"fmt" "fmt"
"log" "log"
"net/http" "net/http"
"strconv"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
_ "github.com/lib/pq" _ "github.com/lib/pq"
@ -119,7 +120,14 @@ func deleteUser(c *gin.Context) {
id := c.Param("userid") id := c.Param("userid")
dynStmt := `DELETE FROM usuarios WHERE id_usuario = $1` dynStmt := `DELETE FROM usuarios WHERE id_usuario = $1`
_, err := db.Exec(dynStmt, id) _, err := strconv.Atoi(id)
if err != nil {
e := fmt.Sprintf("Invalid identifier")
c.IndentedJSON(http.StatusNotFound, setResponse(e, false))
return
}
_, err = db.Exec(dynStmt, id)
if err != nil { if err != nil {
e := fmt.Sprintf("Something went wrong trying to delete the user: %v", err) e := fmt.Sprintf("Something went wrong trying to delete the user: %v", err)
log.Println(e) log.Println(e)
@ -169,9 +177,17 @@ func setResponse(content any, success bool) response {
func getUser(c *gin.Context) { func getUser(c *gin.Context) {
id := c.Param("userid") id := c.Param("userid")
_, err := strconv.Atoi(id)
if err != nil {
e := fmt.Sprintf("Invalid identifier")
c.IndentedJSON(http.StatusNotFound, setResponse(e, false))
return
}
user := user{} user := user{}
dynStmt := `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1` dynStmt := `SELECT id_usuario,nombre,apellido1,apellido2,email,rol FROM usuarios WHERE id_usuario = $1`
err := db.QueryRow(dynStmt, id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType) err = db.QueryRow(dynStmt, id).Scan(&user.Id, &user.Name, &user.Surname1, &user.Surname2, &user.Email, &user.AccountType)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {
c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false)) c.IndentedJSON(http.StatusNotFound, setResponse("User not found", false))