I have a function to retrieve a user's profile.
app.get('/api/user/profile', function (request, response)
{
// Create the default error container
var error = new Error();
var User = db.User;
User.find({
where: { emailAddress: request.user.username}
}).then(function(user)
{
if(!user)
{
error.status = 500; error.message = "ERROR_INVALID_USER"; error.code = 301;
return next(error);
}
// Build the profile from the user object
profile = {
"firstName": user.firstName,
"lastName": user.lastName,
"emailAddress": user.emailAddress
}
response.status(200).send(profile);
});
});
When the "find" function is called it displays the select statement on the console where the server was started.
Executing (default): SELECT `id`, `firstName`, `lastName`, `emailAddress`, `password`, `passwordRecoveryToken`, `passwordRecoveryTokenExpire`, `createdAt`, `updatedAt` FROM `Users` AS `User` WHERE `User`.`emailAddress` = '[email protected]' LIMIT 1;
Is there a way to get this not to be display? Some flag that I set in a config file somewhere?
All versions of sequelize lower than 5.8. 11 are vulnerable to SQL Injection (CVE-2019-10748) because they contain JSON path keys that are not being properly escaped for the MySQL and MariaDB dialects.
Sequelize will keep the connection open by default, and use the same connection for all queries. If you need to close the connection, call sequelize. close() (which is asynchronous and returns a Promise).
Automatically creates tables in MySQL database if they don't exist by calling await sequelize.
When you create your Sequelize object, pass false
to the logging
parameter:
var sequelize = new Sequelize('database', 'username', 'password', {
// disable logging; default: console.log
logging: false
});
For more options, check the docs.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With