PostgreSQL
Hey guys, I'm currently trying to learn Postgres. I was wondering if anyone knows any good tutorials or resources online for best practices and structuring in BE using Fastify.
I'm currently trying to set up a dynamic update route and thinking of doing something like this:
```js
let updateKeys = [];
let updateValues = [];
Object.entries(updateFields).forEach(([key, value]) => {
  // The key is interpolated into the SQL text as-is; only the value is bound as a parameter.
  updateKeys.push(`${key} = $${updateValues.length + 1}`);
  updateValues.push(value);
});
const query = {
  text: `
    UPDATE users
    SET ${updateKeys.join(', ')}
    WHERE id = $${updateValues.length + 1}
  `,
  // userId takes the last placeholder, after all the SET values.
  values: [...updateValues, userId],
};
const result = await db.query(query);
return reply.code(200).send({ message: 'User updated successfully', data: result.rows });
```
Not sure how good it is though, just things like that I want to have a good resource for, if anyone knows anything.

1 Reply
If `updateFields` is user-controlled, you have an SQL injection vulnerability here.
I would just use a query builder/ORM for this,
something like Kysely.
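
Added example, not part of the original thread: the same dynamic `UPDATE` with the column names taken from a server-side allowlist instead of from the request keys, so only values ever come from the client and they stay bound as parameters. The column names, `UPDATABLE_COLUMNS` and `buildUserUpdate` are hypothetical names chosen for illustration.

```javascript
// Allowlist of client field name -> real column name (assumed schema, adjust to yours).
// A Map is used so inherited property names such as "constructor" never match.
const UPDATABLE_COLUMNS = new Map([
  ['name', 'name'],
  ['email', 'email'],
  ['displayName', 'display_name'],
]);

// Builds a { text, values } query object in the shape accepted by node-postgres.
function buildUserUpdate(updateFields, userId) {
  const setClauses = [];
  const values = [];

  for (const [key, value] of Object.entries(updateFields)) {
    const column = UPDATABLE_COLUMNS.get(key);
    if (column === undefined) {
      // Reject unknown keys outright: they must never reach the SQL text.
      throw new Error(`Field not updatable: ${JSON.stringify(key)}`);
    }
    if (value === undefined) continue; // nothing to set for this field
    values.push(value);
    // The identifier comes from the allowlist; the value is a bound parameter.
    setClauses.push(`"${column}" = $${values.length}`);
  }

  if (setClauses.length === 0) {
    // An empty SET list would be a syntax error; fail before hitting the database.
    throw new Error('No updatable fields supplied');
  }

  values.push(userId);
  return {
    // RETURNING id so result.rows shows whether a row was actually updated.
    text: `UPDATE users SET ${setClauses.join(', ')} WHERE id = $${values.length} RETURNING id`,
    values,
  };
}

// Constructed sample input: two allowed fields and a user id.
const sample = buildUserUpdate({ name: 'Ada', displayName: 'ada_l' }, 7);
console.log(sample.text, sample.values);
```

In a Fastify route, a JSON schema on the request body with `additionalProperties: false` gives the same rejection earlier, but the allowlist in the query builder should stay as the last line of defense.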