- if (!notify)
- notify = false; //default
- db.serialize(function() {
- db.run(
- "INSERT INTO Users " +
- "(name, email, notify) VALUES " +
- "(" + name + "," + email + "," + notify + ")");
- });
-}
+ // NOTE: parameters are already cleaned (in controller), thus no sanitization here
+ create: function(name, email, notify, callback)
+ {
+ db.serialize(function() {
+ const insertQuery =
+ "INSERT INTO Users " +
+ "(name, email, notify) VALUES " +
+ "('" + name + "', '" + email + "', " + notify + ")";
+ db.run(insertQuery, err => {
+ if (!!err)
+ return callback(err);
+ db.get("SELECT last_insert_rowid() AS rowid", callback);
+ });
+ });
+ },