我有 Azure Function App 函数,用于从应用程序到 SQL 数据库的 API 调用。我正在尝试使用参数化查询来保护数据库免受SQL注入(inject)的侵害。我已经能够在 SELECT 和 INSERT 等查询语句上执行此操作,但在使用 DELETE 语句时遇到了麻烦。我不断收到 500 响应,并显示错误消息必须声明标量变量“@agencyId”。我正在声明该变量,所以我不确定它为什么这么说。有人有想法或更好的方法吗?
const userName1 = process.env["DB_USERNAME"];
const password1 = process.env["DB_PASSWORD"];
const server1 = process.env["DB_SERVER"];
const database1 = process.env["DB_NAME"];
module.exports = async function (context, req) {
context.log('JavaScript HTTP trigger function processed a request.');
if (!req.body || !req.body.AGENCY_ID) {
context.res = {
status: 400,
body: "Please provide a valid AGENCY_ID in the request body."
};
return;
}
const parameters = [
{ name: 'agencyId', sqlType: sql.Int, value: req.body.AGENCY_ID }
];
const query = 'DELETE FROM Agency_Defs WHERE AGENCY_ID = @agencyId;';
var dbConfig = {
server: server1,
database: database1,
user: userName1,
requestTimeout: 600000,
password: password1,
port: 1433,
options: {
encrypt: true
}
};
try {
await sql.connect(dbConfig);
const result = await sql.query(query, parameters);
context.res = {
body: result
};
} catch (error) {
context.res = {
status: 500,
body: error.message
};
}
}
最佳答案
使用此代码删除 Items SQL Server
const sql = require('mssql');
const config = {
user: 'sampath125',
password: 'Ra@80muravi',
server: 'sampath234',
database: 'sampath',
};
module.exports = async function (context, req) {
try {
await sql.connect(config);
const { agencyId } = req.body;
if (!agencyId) {
context.res = {
status: 400,
body: 'Please provide the agencyId in the request body.',
};
return;
}
const query = `DELETE FROM Agency_Defs WHERE AGENCY_ID = @agencyId`;
const request = new sql.Request();
request.input('agencyId', sql.Int, agencyId);
const result = await request.query(query);
await sql.close();
context.res = {
status: 200,
body: `Deleted ${result.rowsAffected[0]} records successfully!`,
};
} catch (err)
{
context.res = {
status: 500,
body: err.message,
};
}
};
使用 MSSQL Server:
使用 Azure SQL Server:
关于Azure Function App 中的 SQL 注入(inject)保护错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76775161/