How to prevent insert of data that is passed using query string in sails.js for post request?

Question

I have created new table in mysql also created model and controller in sails.js. Now I am trying to insert data using sails. As we know when we create new modal in sails it will create new post, get and other api for us by default.

Now I am trying to insert data using post api using query string and request.body and both are working But I need to insert data into db that is passed using request.body instead of request.querystring data in post request. How can I do it???

1. Post data using query string in post request => working fine

2. Post data using request.body in post request => working fine (I want to insert data using this way only)

   

Same question I asked here https://gitter.im/balderdashy/sails and https://github.com/balderdashy/sails/issues/6918

Answer 1

sails uses Waterline, this performs sanitation by itself, you should be fine whenever you are using some of this built-in model methods:

.find()
.findOne()
.updateOne() 
.archiveOne()
.destroyOne()
.create()
.createEach()
.count()
.sum()
.avg()
.addToCollection()
.removeFromCollection()

As an extra layer of security you can check that the providing data types are correct and verify range, characters, etc. There are also policies which allow you to restrict certain actions to logged-in users only.

hope this was helpful :)

Answer 2

When you create an API by command line, you'll get an API that lets you search, paginate, sort, filter, create, destroy, update, and associate. Since these blueprint actions are built-in Sails. You can override these actions by yourself. Find more at in Sails.js Documentation