Returning posgreSQL database records with user input

Question

I am faced with a blocker in my Node/express application.

I want to return data from a postgresSQL database table, but doing that with the query parameter passed by a user...

Assume the following:

• db is a postgresSQL database pool connection.

• Trips table is already created and populated with trips having their destination value as "Nigeria".

Below is my model and controller code.

model.js

const getTrips = async ( column, value )=> {
  const query = 'SELECT * FROM trips WHERE $1 = $2';

  const { rows } = await db.query ( query, [value] );

  return rows;
}

controller.js

const getTrips = async ( req, res) => {
  const { destination } = req.query;

   const result = await Trips.getTrips( 'destination' destination );

   console.log( result.length )
}

Issue am faced with

Url = http://.../?destination="Nigeria"

When I pass the destination query parameter from the user directly , like this Trips.getTrips('destination', destination ), an empty array is returned.

However if the string equivalent of the query parameter value is passed, like this Trips.getTrips('destination', 'Nigeria'), an array with the Trips matching Nigeria as destination is returned.

Checks have done

• console.log(typeof destination) // returns string.

• console.log (destination) // returns "Nigeria"

Question

1. Why is passing the parameter directly not returning the appropriate records and passing its string equivalent returns appropriate records?

Answer 1

Try taking away the quotes in your URL query (Url = http://.../?destination=Nigeria). It seems like you're querying for "Nigeria" literally (quotes included). Does this help?