2

I've got a pretty simple situation that's got me puzzled. I'm passing a parameter to an express http get function. It's used in a query, so I'm making sure it's a number (and thus I'm safe from SQL injection).

Due to my client data structure, I convert these numbers to strings. So I accidentally passed a string instead of a number. It caused my application to pass, as invoiceId evaluated to undefined, and the query failed.

To protect against this, I have added a null check. Here's a working example (with some messing about so there's no compile error casting a string to a number):

(Note, it was discovered the value was being passed as the string value "undefined", hence the confusion. I still have the issue of not being able to catch it as typescript forbids me from checking if invoiceId is a string value as it should be a number. I assumed is enforced type!)

class IBadInput { value: any };

var badInput = { value: "undefined" } as IBadInput;
var invoiceId = badInput.value as number;

if (typeof invoiceId == 'undefined' || invoiceId == null)
{
  console.log("inoice id not provided");
}

console.log("getting for invoice", invoiceId);

However, in the situation where a string invoiceId is provided, it doesn't not trigger the invoiceId == null statement. This is the output:

getting for invoice undefined

I've tried checking invoiceId == undefined, and typeof invoiceId == null just if(invoiceId) to check if it's "truthy" but everything get's passed this check.

Any idea why, and how I can catch it?

Joe
  • 6,773
  • 2
  • 47
  • 81
  • 2
    What about ``typeof invoiceId == 'undefined'`` ? – Ditto Feb 27 '17 at 23:43
  • http://stackoverflow.com/questions/27509/detecting-an-undefined-object-property – david25272 Feb 27 '17 at 23:47
  • I have some difficulty believing that what you're asserting can actually be happening. Is that *really* what your code looks like? The `==` operator is explicitly defined to treat `undefined` and `null` as equal. What you're claiming is that your JavaScript runtime has a critical bug in a very basic part of the language, and that simply seems dubious. – Pointy Feb 27 '17 at 23:47
  • I've added a working example. I suspect it's a typescript issue around the "is" operator? – Joe Feb 27 '17 at 23:48
  • typeof invoiceId == 'undefined' doesn't work either, see edit (no wait, i this this is not correct) – Joe Feb 27 '17 at 23:48
  • 1
    Note also that if the value of the string were actually the **string** `"undefined"`, your `console.log()` output would look precisely the same. – Pointy Feb 27 '17 at 23:49
  • I think that might be the issue. The http call is being called with an undefined number, this is being sent and then on the server converted back to "undefined" string. I'm confused as to how the number value invoiceId is allowed to contain the string "undefined" though. – Joe Feb 27 '17 at 23:53
  • 1
    Typescript actually prevents me from checking invoiceId == "undefined" because invoiceId should be a number! – Joe Feb 27 '17 at 23:54

1 Answers1

4

I still have the issue of not being able to catch it as typescript forbids me from checking if invoiceId is a string value as it should be a number.

One approach is to check whether the value is of type number or has a null value. 

let input: any = "Some string";
let invoiceId = input as number;

if (typeof invoiceId !== 'number' || invoiceId === null)
{ 
    document.write(invoiceId.toString() + ' is of type ' + (typeof invoiceId));
    document.write(" and needs to be a non-null value of type number.")
}

Output: 

Some string is of type string and needs to be of type number.

Any idea why...

Casting to a number happens only at compile time and has no impact at runtime. If the client application inputs a string at runtime, then the variable will be a string at runtime, which is neither a typeof undefined nor null.

You can find out more by running the above in TypeScript play.

Shaun Luttin
  • 133,272
  • 81
  • 405
  • 467