为什么在标准的 Node + oracledb 配置中处理 GET 请求时,会收到“来自HTTP参数的未经清理的输入流入 send”的告警?

bsxbgnwa  于 2023-04-29  发布在  Node.js

我目前的环境使用的是Angular前端和Node Backend。
被标记的那一行位于下面的控制器代码中。

// Line reported by the finding in the title. Express's res.send() chooses the Content-Type from
// the argument's runtime type: a string is sent as text/html, an array or object as JSON.
res.send(rows);

我们的数据库是Oracle,所以我们使用的是包:https://www.npmjs.com/package/oracledb

前端GET请求示例

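/**
 * Requests the result rows of one job from the backend `job` endpoint.
 *
 * The request is a credentialed GET (`withCredentials: true`) carrying the job id as the
 * `id` query-string parameter.
 *
 * @param id Job identifier placed in the query string.
 * @returns Observable emitting the response body cast to `JobResult[]`.
 */
getJobResult(id): Observable<JobResult[]> {
  const url = `${environment.hosturl}job`;
  const httpOptions = {
    // Access-Control-Allow-Origin is a response header that only the server can set. Sending it
    // on a request grants nothing and only adds a non-safelisted header to the CORS preflight,
    // so it is no longer sent. For credentialed requests the server has to answer with the
    // exact origin rather than "*".
    headers: new HttpHeaders({
      "Content-Type": "application/json",
    }),
    withCredentials: true,
    params: { id },
  };

  return this._http.get(url, httpOptions).pipe(
    map((res) => {
      // A first row whose JSON text contains "ERROR_MSG" is treated as a failed lookup and
      // redirects to the error page; the response is still handed to the subscriber.
      const firstRow = res[0];
      if (firstRow && JSON.stringify(firstRow).includes("ERROR_MSG")) {
        this.router.navigate(["/error"]);
      }

      return res as JobResult[];
    })
  );
}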

API后端控制器示例

const job = require('../db_apis/job.js');

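/**
 * Express handler: looks up the job named by the `id` query parameter and returns its rows.
 *
 * Changes from the previous version:
 *  - `id` is validated before it reaches the data layer; anything that is not a single
 *    numeric string is rejected with 400.
 *  - the rows are sent with res.json(), so the body is always labelled application/json
 *    and can never be served as text/html.
 *  - on failure the error is forwarded to the error middleware only. The old code sent a
 *    404 and then also called next(err), which tries to answer the same request twice.
 *
 * @param {object} req - Express request; reads req.query.id.
 * @param {object} res - Express response.
 * @param {Function} next - Express next callback; receives any error raised by the lookup.
 * @returns {Promise<void>}
 */
async function get(req, res, next) {
  const rawId = req.query.id;

  // Query-string values are caller-controlled and, with Express's default parser, can arrive
  // as a string, an array (?id=1&id=2) or a nested object (?id[a]=b). Accept a numeric string only.
  const isNumericId =
    typeof rawId === 'string' && rawId.trim() !== '' && Number.isFinite(Number(rawId));
  if (!isNumericId) {
    res.sendStatus(400);
    return;
  }

  try {
    const context = { id: rawId };
    const rows = await job.find(context);

    // res.send() picks the Content-Type from the value's type (a string becomes text/html);
    // res.json() always serialises and sets application/json.
    res.json(rows);
  } catch (err) {
    // Respond exactly once: let the error middleware choose the status and body.
    next(err);
  }
}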

module.exports.get = get;

上面的 res.send(rows) 这一行就是被标记为有问题的地方。
API的DB API文件示例

const database = require('../services/database.js');

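/**
 * Fetches the JOB rows whose JOB_ID matches `context.id`.
 *
 * The id is coerced with Number() and passed as the :V_ID bind variable, so it never becomes
 * part of the SQL text.
 *
 * @param {{id: (string|number)}} context - Lookup parameters; only `id` is read.
 * @returns {Promise<Array>} The `rows` property of the execute result.
 * @throws {Error} When database.simpleExecute resolves without a result.
 */
async function find(context) {
  const query = `SELECT  * FROM JOB WHERE JOB_ID = :V_ID`;
  console.log(query);

  const binds = {
    V_ID: Number(context.id),
  };

  // NOTE(review): clientdetails is not declared in the visible part of this file; confirm it
  // is defined at module scope, otherwise this line throws a ReferenceError.
  const result = await database.simpleExecute(query, binds, clientdetails);

  // The simpleExecute shown on this page logs database errors and resolves to undefined
  // rather than rejecting. Fail with a clear message instead of a TypeError on `.rows`.
  if (result == null) {
    throw new Error('job.find: database.simpleExecute returned no result');
  }

  return result.rows;
}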

module.exports.find = find;

simpleExecute运行的函数

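/**
 * Runs one statement on a pooled Oracle connection and returns the execute result.
 *
 * Errors from getConnection/execute are logged and NOT rethrown: the function then resolves
 * to undefined, so callers must check the result before reading it.
 *
 * @param {string} query - SQL text with bind placeholders.
 * @param {(object|Array)} [binds=[]] - Bind values passed to conn.execute.
 * @param {Array} [clientdetails=[]] - Accepted but not read by this function.
 * @param {object} [opts={}] - Extra execute options; outFormat and autoCommit are overridden.
 * @returns {Promise<(object|undefined)>} The execute result, or undefined after a logged error.
 */
async function simpleExecute(query, binds = [], clientdetails = [], opts = {}) {
  // NOTE(review): the pool alias is fixed even though the original comment said
  // "Set Pool based on User"; clientdetails is never consulted. Confirm this is intended.
  const alias = 'client1';
  console.log('Action for Client: ' + alias);

  // Build a fresh options object instead of writing into the caller's `opts`.
  const execOpts = { ...opts, outFormat: oracledb.OBJECT, autoCommit: true };

  let conn;
  let simpleResult;

  try {
    // Get Connection
    conn = await oracledb.getConnection(alias);
    // callTimeout is in milliseconds: 500 * 1000 ms is 500 s. The earlier comment said
    // "50 secs", so confirm which value was intended.
    conn.callTimeout = 500 * 1000;
    // Execute Statement
    simpleResult = await conn.execute(query, binds, execOpts);
  } catch (err) {
    console.error("Oracle Error ==>", err, "<== THIS IS WHERE THE ORACLE ERROR WILL SHOW!");
  } finally {
    // Always release the connection, whether or not the statement succeeded.
    if (conn) {
      try {
        await conn.close();
        console.log('Connection Closed.');
      } catch (err) {
        console.log('Error in close: ' + err);
      }
      console.log('Result Returned.');
    }
  }

  // Returned after the finally block: a `return` inside `finally` would override any
  // exception in flight and hide it from the caller.
  return simpleResult;
}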

module.exports.simpleExecute = simpleExecute;

任何帮助将不胜感激!


njthzxwz1#

你需要通过绑定(bind)对象来提供该值。绑定对象具有文档中描述的 dir、val 和 type 属性:https://node-oracledb.readthedocs.io/en/latest/user_guide/bind.html
绑定对象使用示例:

const oracledb = require('oracledb');

// Each placeholder gets explicit bind metadata: direction, value and database type.
const insertSql = `INSERT INTO countries VALUES (:country_id, :country_name)`;
const countryBinds = {
  country_id: { dir: oracledb.BIND_IN, val: 90, type: oracledb.NUMBER },
  country_name: { dir: oracledb.BIND_IN, val: "Tonga", type: oracledb.STRING },
};

// The values reach the database as binds; they are never concatenated into the SQL text.
const result = await connection.execute(insertSql, countryBinds);

console.log(`Rows inserted ${result.rowsAffected}`);

tsm1rwdh2#

从 job.find 方法返回的行不能序列化为JSON。如果数据包含循环引用、函数或其他不可序列化的数据类型,则可能发生这种情况。
试着检查一下。如果是这样,您可以使用像“lodash”或“underscore”这样的库来深度克隆数据并删除任何不可序列化的属性。
