Reputation: 1
I have constructed a variable containing the SQL statement on my client side:
var sql = "SELECT * FROM restaurant WHERE (areaCategory" + " " + area + ")" + "AND (cuisineCategory" + " " + cuisine + ") AND (priceCategory" + " " + price +")"
How can I export this SQL statement from the client side to the server side in order to send this statement? The SQL statement varies depending on the situation, hence I have to create a variable.
Upvotes: 0
Views: 629
Reputation: 684
Well, as mentioned by @Aley, You really don't want a client to have full access to your database!
Instead I would send the params to the server using an AJAX call or a form, then use prepared statements on the server side.
You might want to use a library like axios and make an AJAX call with the post method:
//client side
axios.post('/restaurant', {
    area: areaCategory,
    cuisine: cuisineCategory
})
.then(function (response) {
    console.log(response);
})
.catch(function (error) {
    console.log(error);
});
Forms should be self-explanatory
<!--client side-->
<form method="post" action="/restaurant">
    <input type="text" name="area" placeholder="Area…">
    <input type="text" name="cuisine" placeholder="Cuisine…">
    <input type="submit">
</form>
As there are many different databases with different interfaces, here are some links:
Does SQLite3 have prepared statements in Node.js?
Preventing SQL injection in Node.js
How do I create a prepared statement in Node.JS for MSSQL?
Upvotes: 2
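The server-side half that the answer above leaves to the linked questions, as an added example that is not part of the original answer. It takes the JSON body the axios call posts, reads only the three expected fields, and builds a fixed SQL text with positional placeholders plus a separate values array, which is what a driver such as node-sqlite3 or mysql2 binds as a prepared statement. The concatenated version from the question is kept beside it so the difference is visible on a hostile input. The column names come from the question; the 64-character limit, the hostile sample value and the hypothetical route wiring in the comments are assumptions made for this example.

```javascript
// Added example (not part of the original answer): the server-side half of
// the AJAX call above, written as plain functions so it runs without a
// database. Assumes a driver that binds positional "?" placeholders
// (node-sqlite3, mysql2) and the column names from the question.

// Map of request field -> column. Only these keys are ever read from the body,
// so a client cannot smuggle extra columns or operators into the query.
const FILTERS = [
  ['area', 'areaCategory'],
  ['cuisine', 'cuisineCategory'],
  ['price', 'priceCategory'],
];

// The approach from the question: the SQL text itself is built from user
// input, so a value such as "' OR '1'='1" rewrites the WHERE clause.
function buildQueryUnsafe({ area, cuisine, price }) {
  return "SELECT * FROM restaurant WHERE (areaCategory = '" + area + "')" +
    " AND (cuisineCategory = '" + cuisine + "')" +
    " AND (priceCategory = '" + price + "')";
}

// Prepared-statement approach: the SQL text is fixed, values travel separately
// and are bound by the driver, so they can never change the statement's shape.
// Filters the client omits are simply left out of the WHERE clause.
function buildQuerySafe(params) {
  const clauses = [];
  const values = [];
  for (const [field, column] of FILTERS) {
    const value = params[field];
    if (value === undefined || value === null || value === '') continue;
    // Length cap is an assumed sanity limit, not something the page specifies.
    if (typeof value !== 'string' || value.length > 64) {
      throw new RangeError(`invalid value for ${field}`);
    }
    clauses.push(`${column} = ?`);
    values.push(value);
  }
  const where = clauses.length ? ' WHERE ' + clauses.join(' AND ') : '';
  return { text: 'SELECT * FROM restaurant' + where, values };
}

// Handler for POST /restaurant with the JSON body the axios call sends.
// Returns what the route would answer; with Express (assumed wiring) this
// would sit in app.post('/restaurant', (req, res) => ...) using req.body.
function handleRestaurantPost(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: 'body must be JSON' };
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { status: 400, error: 'body must be a JSON object' };
  }
  try {
    const query = buildQuerySafe(body);
    // With node-sqlite3 this is where db.all(query.text, query.values, cb) runs.
    return { status: 200, query };
  } catch (err) {
    return { status: 400, error: err.message };
  }
}

// Constructed sample input: what a hostile client might send as "area".
const hostile = JSON.stringify({ area: "' OR '1'='1", cuisine: 'italian', price: 'cheap' });

console.log(buildQueryUnsafe(JSON.parse(hostile)));    // WHERE clause has been rewritten
console.log(handleRestaurantPost(hostile));            // text unchanged, payload is just a bound value
console.log(handleRestaurantPost('{"area":"north"}')); // a single clause, one placeholder
console.log(handleRestaurantPost('not json'));         // status 400
```

The point to take from the output is that the hostile value ends up in `values`, never in `text`: whatever the client sends, the statement the database parses is always one of the four fixed shapes this function can produce.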