How to prevent insert of data that is passed using query string in sails.js for post request?

Question

I have created new table in mysql also created model and controller in sails.js. Now I am trying to insert data using sails. As we know when we create new modal in sails it will create new post, get and other api for us by default.

Now I am trying to insert data using post api using query string and request.body and both are working But I need to insert data into db that is passed using request.body instead of request.querystring data in post request. How can I do it???

Post data using query string in post request => working fine

Post data using request.body in post request => working fine (I want to insert data using this way only)

Same question I asked here https://gitter.im/balderdashy/sails and https://github.com/balderdashy/sails/issues/6918

if you pass data using POST request, then u can get using `req.body` — Devsi Odedra, Dec 30 '19 at 05:12
@DevsiOdedra I know that we can do when we create api endpoint manually but here i haven't created endpoint it is created by sails. (I created model and controller by command line). — baj9032, Dec 30 '19 at 12:42

Emiliano Romero Carranza · Answer 1 · 2020-02-04T02:13:28.420

0

sails uses Waterline, this performs sanitation by itself, you should be fine whenever you are using some of this built-in model methods:

.find()
.findOne()
.updateOne() 
.archiveOne()
.destroyOne()
.create()
.createEach()
.count()
.sum()
.avg()
.addToCollection()
.removeFromCollection()

As an extra layer of security you can check that the providing data types are correct and verify range, characters, etc. There are also policies which allow you to restrict certain actions to logged-in users only.

hope this was helpful :)

edited Feb 04 '20 at 02:13

answered Feb 04 '20 at 01:30

Emiliano Romero Carranza

38
8

1

While these links may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes – Muhammad Dyas Yaskur Feb 04 '20 at 01:51
@MuhammadDyasYaskur there I added a list with the built-in model methods that answer the core issue of the question. The rest of information in those links is to wide and not strictly necessary. – Emiliano Romero Carranza Feb 04 '20 at 02:17

score -1 · Answer 2 · edited Feb 06 '20 at 07:22

-1

When you create an API by command line, you'll get an API that lets you search, paginate, sort, filter, create, destroy, update, and associate. Since these blueprint actions are built-in Sails. You can override these actions by yourself. Find more at in Sails.js Documentation

edited Feb 06 '20 at 07:22

Matheus Rocha

1,152
13
22

answered Feb 06 '20 at 03:50

Ha Le

1
2

How to prevent insert of data that is passed using query string in sails.js for post request?

2 Answers2