Insert form data into mysql database table using node.js and sequelize

Question

I have a NodeJS app and I want to insert some data from a form into a table of my MySQL-database by using the sequelize()-method.

So here is my form

<form id="addVideo" method="post">
    <input type="url" name="video_url" required></input>
    <input type="hidden" value="" name="artist_id"></input>
    <input type="hidden" value="youtube" name="type"></input>
</form>

My post function:

$('form#addVideo').submit(function(e){
    e.preventDefault();

    var form = $(this);
    var jsonvideoFormData = utils.serializeToJSON(form);
    var xhrData = _.pick(jsonvideoFormData, 'video_url', 'artist_id', 'type');

    api.post('/videos', xhrData, function(response){
       alert('Video has been added!');
    });
});

Then the backend code looks like this:

exports.addVideo = function(req, res, next){

  var videoURL = req.body.video_url;
  var artistId = req.body.artist_id;
  var type = req.body.type;

  db.sequelize.query('INSERT INTO social_urls (artist_id,urls,type) VALUES('artistId','videoURL','type')', function(err) {
    if(err){
        return res.json(400, {response: {code: 400, message:'An error appeared.'}});
    } else{
       console.log('succes');
       res.json(201, {response: {code: 201, message: 'Video has been added'}});
    }   

  });

}

But for some reason I do not know this is not working. Can anyone help me out?

Many thanks!!

Answer 1

this is the actual query to save the data. Steps 2 & 3.

  var videoURL = req.body.video_url;
  var artistId = req.body.artist_id;
  var type = req.body.type;

    models.socialUrls.build({ 
            artist_id: artistId, 
            urls: videoURL, 
            type: type
        })
          .save()
          .then(anotherTask => {
            console.log('the data saved!');
            // you can now access the currently saved task with the variable anotherTask... nice!
          })
          .catch(error => {
            console.log('uh oh something wasn't right!');
            console.log(error);
            // Ooops, do some error-handling
          })

If you check out the sequelize docs here: http://docs.sequelizejs.com/manual/tutorial/instances.html

There are 3 steps to saving the data.

1. Creating the model
2. Creating the instance, a.k.a data object within your callback. This is what gets sent to sequelize method to send to db.
3. Calling the .save() method.

After that you can handle the errors with .catch()

From what it looks like your problem is in your backend code. Make sure your model is correct and the data from your form is getting sent. Once you are sure of that you only need to do steps 2 and 3.

Answer 2

I am not an expert in sequelize, but I see there code prone to SQL Injection.

This is wrong:

db.sequelize.query('INSERT INTO social_urls (artist_id,urls,type) VALUES('artistId','videoURL','type')', function(err)

It should be, at least:

db.sequelize.query("INSERT INTO social_urls (artist_id,urls,type) VALUES('" + artistId + "','" + videoURL + "','" + type + "')'", function(err)

But really, I think you should be doing something like this:

var SocialUrl = sequelize.define('SocialUrl', {
  videoURL: Sequelize.STRING,
  artistId: Sequelize.STRING,
  type:     Sequelize.STRING
}, {
  tableName: 'social_urls',
  timestamps: false
});

SocialUrl
  .create({
    videoURL: videoURL,
    artistId: artistId,
    type: type
  })
  .complete(function(err, socialUrl) {
    if (err) {
      // log error;
    } else {
      // Do stuff
    }
  })

Answer 3

You don't have to JSON serialize data. You can just post the data.

<form id="addVideo" method="post" action="/videos">
    <input type="url" name="video_url" required></input>
    <input type="hidden" value="" name="artist_id"></input>
    <input type="hidden" value="youtube" name="type"></input>
</form>

Remeber to use body-parser

app.use(require("body-parser")());

Now req.body.video_url should have the expected data.