0

i get a problem with my node.js application , it returns TypeError: Cannot read property 'role' of undefined which is after i put filter role in my hardcode , The code like this in my router

 var query1 = "SELECT payment_data .*, users.id as id_user , email , users.id_role as role FROM payment_data INNER JOIN users ON payment_data.username = users.username WHERE payment_data.username = '" + req.user.username + "' and transaction_code = " + connection.escape(req.params.tagihan) + "";
    connection.query(query1,function(err,rows){
        if (err){
            res.render('error',{
                responseCode : res.statusCode,
                error : 'Terjadi Kesalahan',
                message : err
            });
            res.end();
        }
        if (rows.length < 1){
            console.log(rows.length);
            res.render('error',{
                responseCode : res.statusCode,
                error : 'Terjadi kesalahan',
                message : err
            });
        }
        if (rows[0].role == "santri"){
            var querySantri = "SELECT * FROM data_santri WHERE id_user = " + rows[0].id_user + "";
            connection.query(querySantri,function(errDua,rowsDua){
                if (errDua){
                    res.render('error',{
                        responseCode : res.statusCode,
                        error : 'Terjadi Kesalahan',
                        message : errDua
                    }); 
                    res.end();
                }
                if (!rowsDua.length){
                    res.redirect('/beranda');
                    res.end();
                }
                var pdd = [];
                for(row in rows){
                    var pdd = rows[row];
                }
                var tghn = {
                    nama_lengkap : rowsDua[0].nama_lengkap,
                    email : rows[0].email,
                    alamat : rowsDua[0].alamat,
                    username : rows[0].username,
                    id_tagihan : rows[0].id,
                    nomor_tagihan : rows[0].transaction_code,
                    total_tagihan : rows[0].payment_total,
                    status_transaksi : rows[0].transaction_status,
                    tanggal_transaksi : rows[0].transaction_date,
                    channel_transaksi : rows[0].payment_channel,
                    data : pdd
                }
                // res.write(JSON.stringify(rows));
                // res.end();
                res.render('informasi/tagihan',{
                    auth: req.user,
                    tagihan : tghn,
                    moment : moment
                });
                res.end();
            });
        }else{
            console.log('else');
        }
    });

something strange in this debug is after the rendering view success , it shows normally , but in the end of the console return error so when i refresh my url again, my server goes down cause app crashed.

and another strange if the first time go to the url nothing happened, it means he accepted the rules of my filter 'role' so why it can rendered ?

and last thing if i put console log to returns a row, it returns 0 . why? actually there's row in that query.

Abdan Syakuro
  • 1,034
  • 2
  • 12
  • 26
  • 1
    Please learn Prepared Statements, this will have SQL Injection in no time. – skiilaa Jul 05 '17 at 13:59
  • thankyou , i use prepared statements by escaping values when i use insert statement or update statement. – Abdan Syakuro Jul 05 '17 at 14:01
  • 1
    You need to use it in `SELECT` statements too. I could easily put in `test'; DROP ALL DATABASES; --` as my username and wreck you server. – skiilaa Jul 05 '17 at 14:05
  • 1
    oh oke thankyou i'm going to use it again . i realize that after u suggest me. thankyou ! – Abdan Syakuro Jul 05 '17 at 14:28
  • solved by following this instruction https://stackoverflow.com/questions/34983520/express-js-routing-error-cant-set-headers-after-they-are-sent – Abdan Syakuro Jul 12 '17 at 06:18

0 Answers0