Fork me on GitHub
Malik Kennedy15:09:26

db/get-paste-by-id is giving me a 'spicy' edn file with a #object i dunno how to (and don't want to) print.

Malik Kennedy15:09:48

(http/defroutes main-routes
  (http/GET "/" [] (views/index-page))
  (http/POST "/" req  
    (if (empty? (:body (:params req)))
        (let [ins (db/create-paste req)
              id (db/get-last-paste)]      
          (str ixio/url(:id (first id)) "\n"
  (http/GET "/favicon.ico" []
    "Hello World") 
  (http/GET "/:id" [id]
    (views/individual-paste id)
    #_(db/get-pastes-by-id id))
  (route/resources "/")
  (route/not-found "Page not found"))

(defn get-paste-by-id [id]
  (let [query-string (str "SELECT id,body FROM pastes WHERE id="id ";")]
    (query my-db [query-string])))

(defn individual-paste [row]
       (str (first (db/get-paste-by-id row)))))))


@U010A2QSG9H This is very unsafe:

(let [query-string (str "SELECT id,body FROM pastes WHERE id="id ";")]
    (query my-db [query-string]))
You're opening yourself up to SQL injection attacks by doing that. Do thing instead, so you get a parameterized SQL query:
(query my-db ["SELECT id,body FROM pastes WHERE id = ?" id])
You should always use parameterized queries, instead of constructing an entire SQL string that includes its parameters!

❤️ 3
Malik Kennedy16:09:26

Just now seeing this. Thank you for the safety advice!

Malik Kennedy15:09:28

Prints out a bunch of stuff but I think the offending object is

:body #object[org.eclipse.jetty.server.HttpInput 0x451be3bd "[email protected]"]
And when I try to turn the string into an edn format it complains about #object