Building an API for Real Estate! 🏡 #coding #programming #api @postman

Comments

Instantly gets sql injected. Never do what he's doing. Use a sql builder and params or at least escape your input. Not only can you get hacked doing this, the query can't be cached efficiently because it constantly needs reparsed.

deekaneable

LMAO they tearing him up in the comments LOL

RealParadox

Even AI like Copilot would never write an unsanitized query

Rei-bgrf

No prepared statements
No need for a serverless framework (wut)
Literally zero need to create a mock endpoint
Wrote an endpoint that just did a super basic DB query.

Is there any logic in this API?

This whole video could have been done in excel

jonathanschober

I think the reason for all the flame comments is just that these practices don’t fly in the professional world. I think what you made here is totally cool as a personal project with software that you don’t plan to distribute, but in general if someone not knowledgeable saw this and figured this is all it takes to be a developer, that’s where the disparity comes in. As a backend and database dev even seeing the “select *” in the query was enough for me to raise an eyebrow. In light of setting a good example, people have already pointed out escaping inputs and preparing statements, but something else worth mentioning is most practices you want to return the least amount of columns to accomplish the task at hand. Especially with a select * statement, if those table schemas were to be updated with adding or removing columns your code will break. Stored procedures, views, and prepared statements in the code is 100% your best bet in preventing SQL injection, future proofing AND improving performance.

MyMfDominoes

Not judging (cos i do too) but the chatGPT/whatever AI you used in your code was just obvious to me when i saw //the rest of your code... like ive experienced that a lot😂

TriumphAidenojie

Serverless framework == I Don't actually know what I'm doing... Bro you are doing so many things wrong.. you could've just used metabase or similar and got the data you wanted

Crow

What does this do? That you can’t do by using an existing online tool. I mean you’re looking for a house. Price, location, coming up open house dates. What else do you need? Pictures, videos. All the stuff you’d see on websites. What are you looking for that is unique?

goomyman

Looks as promising as my first CMS on Google Sheets with storing images in a personal social network chat)

i.am.mikhailov

Should have used the "sql-template-tag" package and use "sql" as tag function before the template literal.

benben
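
What the comment above suggests, as an added example that is not code from the video or from the "sql-template-tag" package: a tag function in front of the template literal receives the SQL text and the interpolated values separately. The `sql` function here is a minimal stand-in written for this note; the `listings` table, its columns and the `$1`-style placeholders (as used by node-postgres) are assumptions.

```javascript
// Added illustration. `sql` is a minimal stand-in for a tag function,
// not the real "sql-template-tag" package. Table and column names are assumed.

// A tag function gets the literal text chunks and the interpolated values as
// separate arguments, so values never have to be spliced into the SQL text.
function sql(strings, ...values) {
  let text = strings[0];
  values.forEach((_, i) => {
    // Emit a numbered placeholder where the value stood, then the next chunk.
    text += `$${i + 1}` + strings[i + 1];
  });
  return { text, values };
}

// Untagged template literal: the value becomes part of the statement text.
function unsafeQuery(city, maxPrice) {
  return `SELECT id, address, price FROM listings WHERE city = '${city}' AND price <= ${maxPrice}`;
}

// Tagged template literal: same source shape, but the result is statement
// text with placeholders plus a values array for the driver to bind.
function safeQuery(city, maxPrice) {
  return sql`SELECT id, address, price FROM listings WHERE city = ${city} AND price <= ${maxPrice}`;
}

// Constructed input containing a quote character.
const sampleCity = "Austin' OR '1'='1";

// The WHERE clause is rewritten by the input:
console.log(unsafeQuery(sampleCity, 500000));
// The statement text is fixed; the input travels only as data:
console.log(safeQuery(sampleCity, 500000));
```

The `{ text, values }` pair is what gets handed to a driver call that accepts statement text and parameters separately, which also keeps the statement text identical between requests.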

Jesus Christ what he just said, and my dumb ass thought I could learn this 😂

satisfymyeye

As any? What cheap AI did you use for this code?

azizoid

You can build stuff to learn or just because it's fun. It isn't always about making it useful.

rotntry

Sql injection, use an ORM, people do not do this. It’s nicely educational but in real software use an ORM or just anything other than raw sql

AmyIous-fp

Node is very handy, the only thing I hate about it is how much it weighs, it's annoying as f 😂. Good job btw!

AdamBaker-Ai

Why not use Excel to search for what you are looking for, since you already downloaded the data?

MichealMicheal-zd

I love how you are coding while standing
Sitting for long hours damages our body

notacoder

All technology can be simplified to fetching and displaying data. The only real problem is obtaining the data.

Goon

Just don't do this in production, kids

funkdoc

I'm doin tha same and I keep getting typeError

yellowman