当前位置: 文江博客话题详情

日期时间字段不允许在请求中使用 NULL 值,但是查询通过 PostgreSQL 可以正常工作,如何修复?

发布于 2025-01-12 08:08:20 字数 3393 浏览 1 评论 0原文

我有一个工作应用程序,可以通过五个阶段跟踪申请人的招聘流程。我正在尝试调整它,以便用户可以手动输入日期,而不是让程序通过时间戳自动破译它。

我遇到的问题是,在某些情况下,日期应该为 NULL(因为这部分过程尚未完成。)当我直接在 PostgreSQL 中运行查询时,这没有问题,如下所示 输入图片此处的描述

但是,您将在这里看到,来自邮递员的具有空值的请求会呈现错误。我的后端代码具有与上面相同的查询,并且工作得很好,直到我尝试允许传递空值。为什么会这样??

输入图片此处描述

我的后端代码如下

const { validationResult } = require("express-validator");
const { queryInstance } = require("../db/connection");


/*GET ALL DATE REQUEST*/
const getApplicants = async (req, res) => {
  try {
    const applicants = await queryInstance('SELECT * from applicants');
    res.json({ applicants });
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
};

/*UPDATE STATUS DATA REQUEST*/
const updateApplicants = async (req, res) => {
  try {
    const applicant_id  = req.params.applicant_id;
    const {recruiterscreen_completion, backgroundcheck_completion, interview_completion, paperwork_completion, drugscreen_completion, testing_completion} = req.body
    
    const applicants = await queryInstance(`UPDATE applicants SET recruiterscreen_completion = '${recruiterscreen_completion}', testing_completion='${testing_completion}', interview_completion='${interview_completion}', backgroundcheck_completion='${backgroundcheck_completion}', drugscreen_completion='${drugscreen_completion}', paperwork_completion='${paperwork_completion}' WHERE applicant_id = '${applicant_id}' returning *`);
    
    res.json({ applicants })
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
};



/*ADD NEW APPLICANT REQUEST*/
const addApplicant = async (req, res) => {
  const errors = validationResult(req);

  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }

  const { store, first_name, last_name, position, recruiterscreen_completion,testing_completion,backgroundcheck_completion,interview_completion,drugscreen_completion,paperwork_completion, date_in } = req.body;

  try {
    const applicants = await queryInstance(`INSERT INTO applicants (store, first_name,last_name,position, recruiterscreen_completion,testing_completion,backgroundcheck_completion,interview_completion,drugscreen_completion,paperwork_completion, date_in) VALUES ('${store}', '${first_name}', '${last_name}', '${position}', '${recruiterscreen_completion}', '${testing_completion}', '${backgroundcheck_completion}','${interview_completion}','${drugscreen_completion}','${paperwork_completion}','${date_in}') RETURNING *`);
    res.json({ applicants });
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
}; 


/*DELETE APPLICANT REQUEST*/
const deleteApplicant = async (req, res) => {
  try {
    const applicant_id = req.params.applicant_id;
    const applicants = await queryInstance(`DELETE FROM applicants WHERE applicant_id = '${applicant_id}' RETURNING *`);
    res.json({ applicants });
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
};



module.exports = 
{deleteApplicant,getApplicants,updateApplicants,addApplicant}
原文

I have a working application that tracks the hiring process of applicants through five stages. I am trying to adjust it so that the user can manually enter a date rather than having the program automatically decipher it via a timestamp.

The problem I am having is there are scenarios where a date should be NULL (because this part of the process is not yet completed.) This is no issue when I run the query directly in PostgreSQL as seen below
enter image description here

However, you will see here, that a request from postman with a null value renders an error. My back end code features the same exact query as above and was working just fine until I tried to allow the passing of a null value. Why would this be??

enter image description here

My backend code is below

const { validationResult } = require("express-validator");
const { queryInstance } = require("../db/connection");


/*GET ALL DATE REQUEST*/
const getApplicants = async (req, res) => {
  try {
    const applicants = await queryInstance('SELECT * from applicants');
    res.json({ applicants });
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
};

/*UPDATE STATUS DATA REQUEST*/
const updateApplicants = async (req, res) => {
  try {
    const applicant_id  = req.params.applicant_id;
    const {recruiterscreen_completion, backgroundcheck_completion, interview_completion, paperwork_completion, drugscreen_completion, testing_completion} = req.body
    
    const applicants = await queryInstance(`UPDATE applicants SET recruiterscreen_completion = '${recruiterscreen_completion}', testing_completion='${testing_completion}', interview_completion='${interview_completion}', backgroundcheck_completion='${backgroundcheck_completion}', drugscreen_completion='${drugscreen_completion}', paperwork_completion='${paperwork_completion}' WHERE applicant_id = '${applicant_id}' returning *`);
    
    res.json({ applicants })
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
};



/*ADD NEW APPLICANT REQUEST*/
const addApplicant = async (req, res) => {
  const errors = validationResult(req);

  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }

  const { store, first_name, last_name, position, recruiterscreen_completion,testing_completion,backgroundcheck_completion,interview_completion,drugscreen_completion,paperwork_completion, date_in } = req.body;

  try {
    const applicants = await queryInstance(`INSERT INTO applicants (store, first_name,last_name,position, recruiterscreen_completion,testing_completion,backgroundcheck_completion,interview_completion,drugscreen_completion,paperwork_completion, date_in) VALUES ('${store}', '${first_name}', '${last_name}', '${position}', '${recruiterscreen_completion}', '${testing_completion}', '${backgroundcheck_completion}','${interview_completion}','${drugscreen_completion}','${paperwork_completion}','${date_in}') RETURNING *`);
    res.json({ applicants });
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
}; 


/*DELETE APPLICANT REQUEST*/
const deleteApplicant = async (req, res) => {
  try {
    const applicant_id = req.params.applicant_id;
    const applicants = await queryInstance(`DELETE FROM applicants WHERE applicant_id = '${applicant_id}' RETURNING *`);
    res.json({ applicants });
  } catch (err) {
    console.error(err.message);
    return res.status(500).send(err.message);
  }
};



module.exports = 
{deleteApplicant,getApplicants,updateApplicants,addApplicant}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

花开浅夏 2025-01-19 08:08:20

由于您在代码语句中使用引号 ' 的方式:

SET recruiterscreen_completion = '${recruiterscreen_completion}'

您用于 NULL 的 SQL 片段没有引号并且工作正常。您的代码应该根据输入处理引用。我对Reactjs一无所知,但你的代码也可能容易受到SQL注入的攻击,请检查你的代码是否使用了准备好的语句。如果是这样,为什么当您使用 NULL 值时会失败。

Because of the way you use quotes ' in your code statement:

SET recruiterscreen_completion = '${recruiterscreen_completion}'

The piece of SQL that you used for the NULL, is without the quotes and works fine. Your code should handle the quoting, depending on the input. I have no knowledge about Reactjs, but your code might vulnerable to SQL injection as well, please check if your code is using prepared statements. And if so, why it fails when you're using a NULL value.

回复 原文
~没有更多了~

关于作者

谎言

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

峩卟喜欢

文章 0 评论 0

一向肩并

文章 0 评论 0

潜伏

文章 0 评论 0

dongyinghao

文章 0 评论 0

百变从容

文章 0 评论 0

沧笙踏歌

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文