I'm trying to access a user's posts stored in Neo4j, and I'm testing it by simply making an API with a GET endpoint that takes one parameter (uuid).

This is the function:

db.query('MATCH (user:user {uuid: $uuid})-[:posted]->(posts:post) RETURN posts ORDER BY posts.date', {uuid: req.params.uuid}, (err, result) => {
    if (err) {
        console.error(err)
        return res.json(err) // stop here so res.send() is not also called after an error
    }
    console.log(req.params.uuid) //logs the correct entered param
    res.send(result)
})

This returns an empty result. However, if I hardcode the uuid param provided, it returns the result (knowing that there are already 3 posts posted by a user with uuid 123), like so:

db.query('MATCH (user:user {uuid: $uuid})-[:posted]->(posts:post) RETURN posts ORDER BY posts.date', {uuid: 123}, (err, result) => {
    if (err) {
        console.error(err)
        return res.json(err) // stop here so res.send() is not also called after an error
    }
    console.log(req.params.uuid)
    res.send(result)
})

The 3 posts are returned. Why isn't req.params.id recognized (at least that's what I think)?

UPDATE: I used MATCH (user:user {uuid: '+ req.params.uuid + '}) and it worked, but wouldn't this make it vulnerable to injection?
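
An added example, not part of the original post: Express route parameters are always strings, so {uuid: req.params.uuid} sends the string "123", and Cypher does not treat that as equal to the integer 123. Assuming the uuid property is stored as an integer (as the hard-coded {uuid: 123} case suggests), the code below validates and converts the value while keeping the query parameterized; parseUuidParam and buildPostsQuery are hypothetical names.

```javascript
// The Cypher text is a constant: user input never becomes part of it.
const POSTS_QUERY =
  'MATCH (user:user {uuid: $uuid})-[:posted]->(posts:post) ' +
  'RETURN posts ORDER BY posts.date';

// Accept only a canonical decimal integer (no sign, no leading zeros,
// no trailing characters) and return it as a JavaScript number.
// Anything else, including non-string input, yields null.
function parseUuidParam(raw) {
  if (typeof raw !== 'string' || !/^(0|[1-9][0-9]{0,14})$/.test(raw)) {
    return null;
  }
  return Number(raw); // at most 15 digits, so always a safe integer
}

// Returns the arguments for db.query(), or null when the input is invalid.
function buildPostsQuery(rawUuid) {
  const uuid = parseUuidParam(rawUuid);
  if (uuid === null) {
    return null;
  }
  return { text: POSTS_QUERY, params: { uuid } };
}

// In the route handler (db, req and res as in the question):
//   const q = buildPostsQuery(req.params.uuid);
//   if (!q) return res.status(400).json({ error: 'invalid uuid' });
//   db.query(q.text, q.params, callback);

// Constructed sample inputs, as they would arrive in req.params.uuid.
for (const raw of ['123', '0123', '123abc', '', '12.5', "123'}) //"]) {
  const q = buildPostsQuery(raw);
  console.log(JSON.stringify(raw), '->',
    q ? JSON.stringify(q.params) : 'rejected (respond 400)');
}
```

Only '123' is accepted among the samples, and it reaches the database as the number 123 through the $uuid parameter, so the query text is identical for every request.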
