TypeError in node-red when trying to post the data form flutter project

Hi, I'm quite new to node-red. I'm trying to post the data from my flutter project to database via node-red but I got this error. (However, the type of order_status_id is set as integer both in database and flutter project.)

Below this is my flow on node red.

Screen Shot 2021-03-14 at 15.29.55806×203 29.4 KB

Function in node-red

var customer_id  = msg.payload.customer_id;
var order_status_id = msg.paylod.order_status_id;
var address = msg.paylod.address;
var date = msg.paylod.date;
var total_amount = msg.paylod.total_amount;
var delivery_fee = msg.paylod.delivery_fee;
var delivery_method = msg.paylod.delivery_method;
var receiver_name = msg.paylod.receiver_name;
var sub_total = msg.paylod.sub_total;
var postcode = msg.paylod.postcode;
var time = msg.paylod.time;

var sql = "";
var template = "insert into orders (order_id,customer_id,order_status_id,address,date,total_amount,delivery_fee,delivery_method, receiver_name,sub_total, postcode, time) ";
template    += "values(null,'o1','o2','o3','o4','o5','o6','o7','o8','o9','o10','o11');";

for(var i=0;i<items.length;i++){
    var cp = template;
cp = cp.replace('o1',customer_id);
cp = cp.replace('o2',order_status_id);
cp = cp.replace('o3',address);
cp = cp.replace('o4',date);
cp = cp.replace('o5',total_amount);
cp = cp.replace('o6',delivery_fee);
cp = cp.replace('o7',delivery_method);
cp = cp.replace('o8',receiver_name);
cp = cp.replace('o9',sub_total);
cp = cp.replace('o10',postcode);
cp = cp.replace('o11',time);
sql += cp;
}


msg.topic = sql;
return msg;

Function in flutter:

void makeOrder() {
    String url = order_url;

    ProductOrder order = ProductOrder(
        customer_id:1,
        order_status_id: 1,
        address: _address,
        date: _date,
        total_amount: _grandTotal,
        delivery_fee: _del_fee,
        delivery_method: _deli,
        receiver_name: _receiver_name,
        sub_total: _sub_total,
        postcode: _postcode,
        time: _time,
    );

    var data = json.encode(order.toJson());
    print(data);
    http.post(url, body: data, headers: {"Content-Type": "application/json"})
        .then((value) => print(value));
  }//ef```

Hi,
which version of the mysql node did you install - If just yesterday v0.1.2 had a regression in that broke it - please make sure you have version 0.1.3.

Spot the deliberate spelling mistake ^

Ps, you copy and pasted that typo a few times.

Also, where does items come from in that for loop?

Lastly, using string replace is not a good idea. It is a time bomb. Suppose someone entered a post code of no7 1ab guess what would happen.

You would be far better off with prepared statements.

If you don't wanna go down that path then at least change the string replace calls with a single is string template literal e.g...

sql = `insert into orders (col1) values (${value1});`

How can I check the version of it?

I've checked so many times but didn't see any spelling mistake.

payload not paylod

Ps I updated that post with additional info. Please read it again.

It's working now! I firstly checked only the word order_status_id, so I didn't see the word "payload" as it's misspelled. Thanks you so much for the suggestion above and helping me fixing this.

Do you know what will happen?

When the code his this line

cp = cp.replace('o7',delivery_method);

It will find o7 in the middle of the address & will put the delivery method in the middle of the post code.

That issue exists for every one of the fields.

Not only that, you are wide open to SQL injections.

Do yourself a favour, read the docs for the node & learn how to do prepared statement.

ohh, I've never known it before. I will learn more about it, thanks a lot.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.