node-postgres

Node.js - PostgreSQL (pg) : Client has already been connected. You cannot reuse a client

左心房为你撑大大i submitted on 2021-02-10 22:17:38
Question: I am just trying to write a simple register/login system. I am trying to find if a username exists. Here are the steps: Go to the localhost:3000/users/register page. Fill in all fields and click the register button. Check my command line: if the username exists, it should print it with console.log. Everything works fine until now. When I go back to the register page, I fill in all fields again and click the register button. Then it throws this in the command line: Error: Client has already been connected. You cannot reuse

In NodeJS how to save JSON object as text with node-postgres module?

故事扮演 submitted on 2021-02-05 05:51:10
Question: Finally I moved forward from postgresql 9.1 to postgresql 9.3, which supports the JSON data type. Then the same code functions properly. However, I think that what I wanted to do in the first place can be done... if someone knows how, I still want to know. Environment: node v0.10.28, pg v3.3.0, postgresql 9.1. I got this insert query: INSERT INTO sessions(sid, user_id, session_object) VALUES ('id1', 1, '{"id":"fX2HkXYLclB","data": testing"}') RETURNING session_id When testing it from pgAdmin (or command line) it

In NodeJS how to save JSON object as text with node-postgres module?

三世轮回 submitted on 2021-02-05 05:51:08
Question: Finally I moved forward from postgresql 9.1 to postgresql 9.3, which supports the JSON data type. Then the same code functions properly. However, I think that what I wanted to do in the first place can be done... if someone knows how, I still want to know. Environment: node v0.10.28, pg v3.3.0, postgresql 9.1. I got this insert query: INSERT INTO sessions(sid, user_id, session_object) VALUES ('id1', 1, '{"id":"fX2HkXYLclB","data": testing"}') RETURNING session_id When testing it from pgAdmin (or command line) it

Sanitizing user inputs when the user input is a schema name in node postgres

筅森魡賤 submitted on 2020-08-10 18:52:49
Question: I am using https://node-postgres.com/ to write a fairly simple application, but I do have a complex constraint that has caused me issues. Namely, I need my SQL statement to select a schema based on user input: SELECT * FROM {some user value}.tableName but when I attempt to parametrize this normally, I get a syntax error: {"errorType":"error","errorMessage":"syntax error at or near \"$1\"" which seems to indicate that the value wasn't replaced as expected. Is there a way to sanitize the incoming

Sanitizing user inputs when the user input is a schema name in node postgres

强颜欢笑 submitted on 2020-08-10 18:52:09
Question: I am using https://node-postgres.com/ to write a fairly simple application, but I do have a complex constraint that has caused me issues. Namely, I need my SQL statement to select a schema based on user input: SELECT * FROM {some user value}.tableName but when I attempt to parametrize this normally, I get a syntax error: {"errorType":"error","errorMessage":"syntax error at or near \"$1\"" which seems to indicate that the value wasn't replaced as expected. Is there a way to sanitize the incoming

node.js + postgres: From Injection to Getshell

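十年热恋 submitted on 2020-08-09 20:14:25
[Repost] http://bobao.360.cn/learning/detail/4657.html Preface (Lately you may see me posting analyses of many old vulnerabilities. I actually wanted to write about them as soon as they came out, but I had no time and kept putting it off; still, what has to be done gets done sooner or later, so let's keep each other going.) Postgres is a fairly widely used database these days; my own blog, among others, uses Postgres as its database, and I won't go into its advantages here. node-postgres is the client for connecting to a pg database from node. It once had a code execution vulnerability that is very typical and worth discussing. 0x01 Postgres protocol analysis 碳基体 once analyzed the postgres authentication protocol. Clearly, pg's interaction is simply an exchange of TCP packets, and the documentation lists all of the message formats. Looking at these, we can see that pg communication is really a process of exchanging predefined messages. For example, one of the messages pg returns to the client is called "RowDescription", whose purpose is to return all the field names (field name) of each column (row). The client receives this message, parses its contents, and can then determine the field names: We can capture packets to try it out. With SSL disabled on the server, execute SELECT 'phithon' AS "name"; the header of the message the client sends is Simple Query, and its content is exactly the SQL statement I executed: The response is split into 4 messages, T/D/C/Z, which according to the documentation are, respectively, "Row description",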

Storing a file in postgres using node-postgres

时光总嘲笑我的痴心妄想 submitted on 2020-08-04 04:29:47
Question: I'm trying to store a small file into a postgres db using the node-postgres module. I understand that I should use the bytea data type to do this. The problem I'm having is when I do something like: fs.readFile path, (err, data) -> client.query 'UPDATE file_table SET file = $1 WHERE key = $2', [data, key], (e, result) -> .... The contents of the file column in the db is: \x and nothing is stored. If I change the data buffer to hex i.e. data.toString('hex') the file is stored but all

Storing a file in postgres using node-postgres

柔情痞子 submitted on 2020-08-04 04:29:20
Question: I'm trying to store a small file into a postgres db using the node-postgres module. I understand that I should use the bytea data type to do this. The problem I'm having is when I do something like: fs.readFile path, (err, data) -> client.query 'UPDATE file_table SET file = $1 WHERE key = $2', [data, key], (e, result) -> .... The contents of the file column in the db is: \x and nothing is stored. If I change the data buffer to hex i.e. data.toString('hex') the file is stored but all

Storing a file in postgres using node-postgres

南笙酒味 submitted on 2020-08-04 04:28:06
Question: I'm trying to store a small file into a postgres db using the node-postgres module. I understand that I should use the bytea data type to do this. The problem I'm having is when I do something like: fs.readFile path, (err, data) -> client.query 'UPDATE file_table SET file = $1 WHERE key = $2', [data, key], (e, result) -> .... The contents of the file column in the db is: \x and nothing is stored. If I change the data buffer to hex i.e. data.toString('hex') the file is stored but all

How to type node-postgres async query functions in TypeScript?

吃可爱长大的小学妹 submitted on 2020-03-25 12:33:25
Question: I am fairly new to TypeScript and started to convert my existing server from ES6 to TypeScript. I am a bit lost and trying to figure out how to declare types for async functions. Here's a stub from the ES6 code: // db.js import { Pool } from 'pg'; const pool = new Pool({ connectionString: 'process.env.DB_CONNECTION', }); export default { query(text, params) { return new Promise((resolve, reject) => { try { const result = pool.query(text, params); return resolve(result); } catch (error) {