1

I have a piece of Dart in my server-side app and I have no idea how to transform the map delivered by MySql into a JSON-type structure, to send these data to the client.
Secure: no way of Sql-injection;
easy: only a few line of code to convert data, taking in account that a string contains string-delimiters (' or "), that don't allow for a simple concat.
On the client I decode a JSON string and populate the form. this is the server routine:

 void handlePost(HttpRequest req) {
   HttpResponse res = req.response; 
    req.listen((List<int> buffer) {
     addCorsHeaders(res);  
     AsciiDecoder a = new AsciiDecoder();
     String s = a.convert(buffer); // contains key data in JSON-string
     Map data = JSON.decode(s);
     if (data.containsKey("key")){
       var r1 = data{"key"};      
       pool.query('select fi, la, age from person where keyT =' + r1).then((result) {
         result.forEach((row) {
             print("FirstName: ${row[0]}, lastName: ${row[1]}, Age: ${row[2]}");
             closeRes(res, JSONdata);
         });
       });
     }
     else closeRes(res, "NOK missing key");
   },
   onError: printError);
 }

Where I wrote print("FirstName: ${row[0]}, lastName: ${row[1]}, Age: ${row[2]}");
I'd write some code that transforms the MySql map into something, that I can transform in the client to a JSON-something. On the Client I have this:

 void getDataFromServer(){
   HttpRequest request = new HttpRequest(); // create a new XHR  
   request.onReadyStateChange.listen((_) {
     if (request.readyState == HttpRequest.DONE &&
        (request.status == 200 || request.status == 0)) {
       extractJson(request.responseText); // output the response 
     }
   });  
   request.open("POST", url, async: false);
   request.send(jsonData); // POST string like: {"key":"12345"}
 }

Can someone some lines of code, showing how-to? or show me an article that has some working example? I'm running newest version of Dart.
I used (for 15 years) to write desktop app's in VBasic, trying now to convert.

Günter Zöchbauer
  • 623,577
  • 216
  • 2,003
  • 1,567
Martin
  • 1,430
  • 10
  • 19
  • I think all what you need is here on StackOverflow. Just use the search function. 'Give me some code' questions are off topic on SO. – Günter Zöchbauer Jan 30 '14 at 11:48
  • If so, reread my question as: What DART routine can transform a MySql map returned by SqlJocky into a Jason-map. – Martin Jan 30 '14 at 12:21
  • For secure transfer, use SSL encryption. – Nawaf Alsulami Jan 30 '14 at 13:36
  • Secure in the sense, that I don't upload html-injection type of data. I can't find any routines (like in php) that transform all special chars in &things; – Martin Jan 30 '14 at 19:50
  • Dart automatically sanitizes any html content inserted into a page without a validator. Maybe it does the same for user input. I need to check. – Nawaf Alsulami Jan 30 '14 at 20:21

1 Answers1

1

Found a solution for the encoding to JSON in stackoverflow. Set all fields in the class that describes the sql-table to the results obtained by mySql and serialize. Concat all rows. Then pass the string to the client.

Awaiting the answer from Nawaf Alsulami for the injection part of the question

Community
  • 1
  • 1
Martin
  • 1,430
  • 10
  • 19