-1

I have a url that redirects to another url after payment success. How can I get the parameters from the redirected url to update the database?

Example of redirected url: http://localhost:8888/success.html?id=3LS234170M9827257

Insert "3LS234170M9827257" into the database.

Currently I assume it is here: but it is not working.

app.get("/success", function (req, res) {
  const user_id = req.query.id;
  res.send(req.query.id);

 var sql = "INSERT INTO records (transid) VALUES (id)";
  con.query(sql, function (err, result) {
    if (err) throw err;
    console.log("1 record inserted");
  });

});

I need help in getting the id from the redirected url parameters and inserting into the database.

Server.js

import express from "express";
import * as paypal from "./paypal-api.js";
import mysql from "mysql";

const {PORT = 8888} = process.env;

const app = express();

app.use(express.static("public"));

// parse post params sent in body in json format
app.use(express.json());

var mysqlConnection = mysql.createConnection({
  host: "localhost",
  user: "xxx",
  password: "xxx",
  database:"xxx"
});

mysqlConnection.connect(function(err) {
  
  if (err) {
    return console.error('error: ' + err.message);
  }
  console.log('Connected to the MySQL server.');
});


app.post("/my-server/create-paypal-order", async (req, res) => {
  try {
    const order = await paypal.createOrder();
    res.json(order);
  } catch (err) {
    res.status(500).send(err.message);
  }
});

app.post("/my-server/capture-paypal-order", async (req, res) => {
  const { orderID } = req.body;
  try {
    const captureData = await paypal.capturePayment(orderID);
    res.json(captureData);
  } catch (err) {
    res.status(500).send(err.message);
  }
});


app.get("/success", function (req, res) {
  const user_id = req.query.id;
  res.send(req.query.id);
});
  
app.listen(PORT, () => {
  console.log(`Server listening at http://localhost:${PORT}/`);
});
Lawrence
  • 165
  • 8
  • can you log the user_id to see if you are getting it in the server. also in the query you need to pass the values to insert. use prepared statements for that to prevent SQL injections `var sql = "INSERT INTO records (transid) VALUES (?)"; con.query(sql, [user_id], function (err, result)....` – cmgchess Mar 12 '23 at 08:16
  • @cmgchess I am not even getting the id from the url. – Lawrence Mar 12 '23 at 08:34

1 Answers1

-1

You are correctly getting id from req.query. However, you are using res.send() right after you get the id. Any code after res.send() is ignored and therefore not executed.

Another thing to mention is that you are not passing the id to SQL query. You should pass the id into values:

app.get("/success", function (req, res) {
  const user_id = req.query.id;

 var sql = `INSERT INTO records (transid) VALUES (${user_id}`);
  con.query(sql, function (err, result) {
    if (err) throw err;
    console.log("1 record inserted");
  });
 res.send(`1 record [${user_id}] inserted`);
});
jkalandarov
  • 564
  • 5
  • 15
  • doesn't res.send just send back the response but still run the code below after that. it just closes the HTTP connection? – cmgchess Mar 12 '23 at 07:04
  • It works as `return`. – jkalandarov Mar 12 '23 at 07:06
  • 2
    since return is not used the code should run https://stackoverflow.com/questions/16180502/why-can-i-execute-code-after-res-send – cmgchess Mar 12 '23 at 07:11
  • It is not related to the question. How are you supposed to write a transaction to db when HTTP connection is closed? – jkalandarov Mar 12 '23 at 07:56
  • but the function still runs so technically the db write can be done. I also have a server deployed that does web scraping but closes the HTTP connection so that the endpoint doesn't timeout, the tasks still continue to run. btw the downvote is not from me lol :D – cmgchess Mar 12 '23 at 08:06
  • This is simply incorrect; the `res.send()` is just a function call, and it does not "work as `return`". – Pointy Mar 12 '23 at 12:39
  • The problem with the database call is that `id` is referred to as if it were a column name in the query. The value of the variable should be included in the query after appropriate escaping. – Pointy Mar 12 '23 at 12:40