ring

Malik Kennedy 2020-09-17T15:00:26.022500Z

db/get-paste-by-id is giving me a 'spicy' edn file with a #object i dunno how to (and don't want to) print.

Malik Kennedy 2020-09-17T15:00:48.023Z

(http/defroutes main-routes
  (http/GET "/" [] (views/index-page))
  (http/POST "/" req  
    (if (empty? (:body (:params req)))
      (views/index-page)
      (do
        (let [ins (db/create-paste req)
              id (db/get-last-paste)]      
          (str ixio/url(:id (first id)) "\n"
            #_req)))))
  (http/GET "/favicon.ico" []
    "Hello World") 
  (http/GET "/:id" [id]
    (views/individual-paste id)
    #_(db/get-pastes-by-id id))
  (route/resources "/")
  (route/not-found "Page not found"))

(defn get-paste-by-id [id]
  (let [query-string (str "SELECT id,body FROM pastes WHERE id="id ";")]
    (query my-db [query-string])))

(defn individual-paste [row]
  (page/html5
    (:body
     (clojure.edn/read-string 
       (str (first (db/get-paste-by-id row)))))))

Malik Kennedy 2020-09-23T16:59:26.000400Z

Just now seeing this. Thank you for the safety advice!

Malik Kennedy 2020-09-17T15:01:28.023700Z

Prints out a bunch of stuff but I think the offending object is

:body #object[org.eclipse.jetty.server.HttpInput 0x451be3bd "org.eclipse.jetty.server.HttpInput@451be3bd"]
And when I try to turn the string into an edn format it complains about #object

seancorfield 2020-09-17T20:29:39.023900Z

@mksybr This is very unsafe:

(let [query-string (str "SELECT id,body FROM pastes WHERE id="id ";")]
    (query my-db [query-string]))
You're opening yourself up to SQL injection attacks by doing that. Do thing instead, so you get a parameterized SQL query:
(query my-db ["SELECT id,body FROM pastes WHERE id = ?" id])
You should always use parameterized queries, instead of constructing an entire SQL string that includes its parameters!

❤️ 1