| <?php | |
| $token = "xx:xxx"; | |
| $telegram_id = "xxx"; | |
| $text = "Ini adalah notifikasi dari website."; | |
| $url = "https://api.telegram.org/bot" . $token . "/sendMessage"; | |
| $data = array( | |
| 'chat_id' => $telegram_id, |
| app.get('/users', (req, res) => { | |
| const username = req.query.username; | |
| const sql = 'SELECT * FROM users WHERE username = ?'; | |
| db.query(sql, username, (err, results) => { | |
| if (err) { | |
| console.error('Error executing query:', err); | |
| return res.status(500).send('Error executing query'); | |
| } |
| // Route yang rentan terhadap SQL injection | |
| app.get('/users', (req, res) => { | |
| const username = req.query.username; | |
| const sql = `SELECT * FROM users WHERE username = '${username}'`; | |
| db.query(sql, (err, results) => { | |
| if (err) { | |
| console.error('Error executing query:', err); | |
| return res.status(500).send('Error executing query'); | |
| } |
contoh kode Express.js yang rentan terhadap serangan SQL injection pada bagian SELECT dan contoh kode yang aman:
Contoh Kode Rentan SQL Injection:
// Route yang rentan terhadap SQL injection
app.get('/users', (req, res) => {
const username = req.query.username;
const sql = `SELECT * FROM users WHERE username = '${username}'`;