无法使用 NodeJS 在 SQL Server 中验证用户凭据

Question

我正在尝试使用 NodeJS、Express 和 SQL Server 构建登录表单。我遇到了身份验证过程的问题。下面是表格。

表格：

<form action="/auth" method="POST">
                <input type="text" name="uname" placeholder="Username" required="">
                <input type="password" name="pass" placeholder="Password" required="">
                <input type="submit">
            </form>

我确信数据库连接可以正常工作，因为我尝试从数据库中提取信息并成功。

app.js 文件：

var sql = require("mssql");
var express = require("express");
var session = require("express-session");
var bodyParser = require("body-parser");
var path = require("path");


var dbconfig = {
  server: "Server",
  database: "Test",
  user: "########",
  password: "####################",
  port: 1433,
  options : {
    encrypt: false
  }
};

var app = express();
app.use(session({
  secret: 'Secret',
  resave: true,
  saveUninitalized: true

}));

app.use(bodyParser.urlencoded({
  extended: true
}));
app.use(bodyParser.json());

app.get('/', function(request, response) {
  response.sendFile(path.join(__dirname + '/login.html'));
});

app.post('/auth', function(request, response) {
try {
    var uname = request.body.uname;
    var pass = request.body.pass;
    console.log(uname);
    console.log(pass);
    if (uname && pass) {

      var conn = new sql.ConnectionPool(dbconfig);
      conn.connect((function() {
        var thisConn = conn;
        var req = new sql.Request(thisConn);

        return function() { //connect callback
          req.query("Select * from Admin where username = ? AND password = ?", [uname, pass],
            (function() {
              var req = request;
              var resp = response;
              var conn = thisConn;

              return function(error, results, recordset) { // query callback
                if (results.length > 0) {
                  req.session.loggedin = true;
                  req.session.username = uname;
                  resp.redirect('/home');
                } else {
                  response.send('Username and/or Password not found');
                }
                conn.close();
                resp.end();
              };
            })());
        };
      })());
    } else {
      response.send('Please enter Username and Password');
    }
  } catch (err) {
    console.error('SQL error', err);
  }

});

我收到的错误是语法错误。我认为 request.body 是问题，直到我 console.log(uname) 证明变量包含所需的用户名和密码。

错误：

test
test
(node:24386) UnhandledPromiseRejectionWarning: RequestError: Incorrect syntax near '?'.
    at handleError (///nodeconSQL/node_modules/mssql/lib/tedious/request.js:366:15)
    at Connection.emit (events.js:193:13)
    at Parser.tokenStreamParser.on.token (///nodeconSQL/node_modules/tedious/lib/connection.js:832:12)
    at Parser.emit (events.js:193:13)
    at Parser.parser.on.token (///nodeconSQL/node_modules/tedious/lib/token/token-stream-parser.js:37:14)
    at Parser.emit (events.js:193:13)
    at addChunk (///nodeconSQL/node_modules/readable-stream/lib/_stream_readable.js:298:12)
    at readableAddChunk (///nodeconSQL/node_modules/readable-stream/lib/_stream_readable.js:280:11)
    at Parser.Readable.push (///nodeconSQL/node_modules/readable-stream/lib/_stream_readable.js:241:10)
    at Parser.Transform.push (///nodeconSQL/node_modules/readable-stream/lib/_stream_transform.js:139:32)
(node:24386) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)

Answer 1

您收到错误是因为 query 没有采用 3 个参数。

如果你想使用parameters，请按此

req
.input('uname',sql.VarChar(50),uname)
.input('pass',sql.VarChar(50),pass)
.query("Select * from Admin where username = @uname AND password = @pass", (function () {} ) )