ofanidariyan · April 3, 2017 18:51
diff --git a/sql-injection.js b/sql-injection.js
 var mysql = require('mysql');
 var express = require('express');
 var connection = mysql.createConnection({
 	host: 'localhost',
 	user: 'root',
 	database: 'injection',
 	password: '',
 	multipleStatements: true // Mengaktifkan eksekusi multiple statement
 });
 connection.connect(function(err){
 if(!err) {
    console.log("Berhasil terkoneksi dengan database !!!");    
 } else {
    console.log("Gagal terkoneksi dengan database !!!");    
 }
 });
 var app = express();
 app.get('/:id', function(req, res, next) {
 	//Query SQL yang tidak terfilter dengan benar
 	connection.query('SELECT * FROM users WHERE id="' + req.param('id') + '"', function(err, rows, fields) {
 		if (err) {
 			next(err);
 			return;
 		}
 		res.send(JSON.stringify(rows));
 	});
 });
 app.listen(3000);
 console.log('Server Berjalan Port 3000 :)');
	var mysql = require('mysql');
	var express = require('express');
	var connection = mysql.createConnection({
	host: 'localhost',
	user: 'root',
	database: 'injection',
	password: '',
	multipleStatements: true // Mengaktifkan eksekusi multiple statement
	});
	connection.connect(function(err){
	if(!err) {
	console.log("Berhasil terkoneksi dengan database !!!");
	} else {
	console.log("Gagal terkoneksi dengan database !!!");
	}
	});
	var app = express();
	app.get('/:id', function(req, res, next) {
	//Query SQL yang tidak terfilter dengan benar
	connection.query('SELECT * FROM users WHERE id="' + req.param('id') + '"', function(err, rows, fields) {
	if (err) {
	next(err);
	return;
	}
	res.send(JSON.stringify(rows));
	});
	});
	app.listen(3000);
	console.log('Server Berjalan Port 3000 :)');