I'm trying to access a user's posts stored in Neo4j, and I'm testing it by simply making an API with a GET endpoint that takes one parameter (uuid).
This is the function:
```javascript
// Parameterised query: the uuid comes straight from the route parameter
db.query('MATCH (user:user {uuid: $uuid})-[:posted]->(posts:post) RETURN posts ORDER BY posts.date', {uuid: req.params.uuid}, (err, result) => {
  if (err) {
    console.error(err)
    return res.json(err) // return so the response is not sent twice
  }
  console.log(req.params.uuid) // logs the correct entered param
  res.send(result)
})
```
This returns an empty result. However, if I hardcode the uuid param, it returns the result (knowing that there are already 3 posts posted by a user with uuid 123), like so:
```javascript
// Same query, but with the uuid hardcoded as a number
db.query('MATCH (user:user {uuid: $uuid})-[:posted]->(posts:post) RETURN posts ORDER BY posts.date', {uuid: 123}, (err, result) => {
  if (err) {
    console.error(err)
    return res.json(err) // return so the response is not sent twice
  }
  console.log(req.params.uuid)
  res.send(result)
})
```
The 3 posts are returned.
Why isn't req.params.id recognized (at least that's what I think is happening)?
UPDATE: I used `MATCH (user:user {uuid: '+ req.params.uuid + '})` and it worked, but wouldn't this make it vulnerable to injection?
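The pattern in the question (the hardcoded number `123` matches, the string from `req.params.uuid` does not, and concatenating the value unquoted into the query text also matches) points at a type mismatch rather than a missing parameter: Express route parameters are always strings, and Cypher does not treat `'123'` as equal to the integer `123`. The following is an added example, not code from the question, showing how to keep the query parameterised while coercing and validating the route parameter. It assumes the `uuid` property is stored as an integer, that `db.query(cypher, params, callback)` has the same shape as in the question, and that the handler names (`parseUuidParam`, `buildPostsQuery`, `postsHandler`) are hypothetical.

```javascript
// Added example, not the question's code. Keeps the Cypher text constant and
// passes the user-supplied uuid as a typed parameter.
const POSTS_BY_USER =
  'MATCH (user:user {uuid: $uuid})-[:posted]->(posts:post) RETURN posts ORDER BY posts.date';

// Route parameters are strings. If uuid is stored as an integer (as the working
// hardcoded {uuid: 123} suggests), '123' will not match 123 in Cypher, so the
// value is validated as a plain decimal integer and converted before use.
function parseUuidParam(raw) {
  if (typeof raw !== 'string' || !/^[0-9]{1,15}$/.test(raw)) {
    throw new RangeError('uuid must be a non-negative integer');
  }
  return Number(raw);
}

// Parameterised form: the query text never changes with the input.
function buildPostsQuery(rawUuid) {
  return { cypher: POSTS_BY_USER, params: { uuid: parseUuidParam(rawUuid) } };
}

// The concatenation from the UPDATE, kept only for comparison: here the query
// text itself depends on the input, which is what makes it injectable.
function buildPostsQueryByConcat(rawUuid) {
  return {
    cypher: 'MATCH (user:user {uuid: ' + rawUuid + '})-[:posted]->(posts:post) RETURN posts ORDER BY posts.date',
    params: {},
  };
}

// Express-style handler using the parameterised form. `db` is assumed to expose
// the same callback-style query(cypher, params, cb) as in the question.
function postsHandler(db) {
  return (req, res) => {
    let q;
    try {
      q = buildPostsQuery(req.params.uuid);
    } catch (e) {
      return res.status(400).json({ error: e.message });
    }
    db.query(q.cypher, q.params, (err, result) => {
      if (err) {
        console.error(err);
        return res.status(500).json({ error: 'query failed' });
      }
      res.json(result);
    });
  };
}
```

If the uuids in the database are actually strings (for example real UUIDv4 values), drop the `Number()` conversion and instead validate the format; the point is that the parameter's JavaScript type has to match the stored property type, while the query text stays fixed. Whether a JavaScript number is sent to Neo4j as an integer or a float depends on the driver in use, so check that too if the coerced value still does not match.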