Im new to node and express and I have a question regarding using mysql. I have a login form that posts to '/login'. Im using the node-mysql module.
app.get('/site', function(req, res){
if (req.session.is_logged_in === true) {
res.render('site/start', {
title: 'News'
});
} else {
res.redirect('/');
}
});
app.post('/login', function(req, res){
client.query('SELECT id, user_name FROM user WHERE email="' + req.body.login + '" AND password="' + Hash.sha1(req.body.password) + '"',
function (err, results, fields) {
if (err) {
throw err;
}
if (results[0]) {
req.session.userInfo = results[0];
req.session.is_logged_in = true;
res.render('site/start', {
title: 'News'
});
}
else {
res.redirect('/');
}
}
);
});
Is this a good way to do it? Can i continue this way? And are the sql querys escaped in some way, or do i have to write that functionality myself?
Last question: Im rewriting a site, and i used the mysql db. Are there any benefits to changing it to mongodb?
Any help would be appreciated
Thanks in advance
George