- // NOTE: parameters are already cleaned (in controller), thus no sanitization here
- create: function(name, email, notify, callback)
- {
- db.serialize(function() {
- const insertQuery =
- "INSERT INTO Users " +
- "(name, email, notify, created) VALUES " +
- "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
- db.run(insertQuery, err => {
- if (!!err)
- return callback(err);
- db.get("SELECT last_insert_rowid() AS rowid", callback);
- });
- });
- },
+ // NOTE: parameters are already cleaned (in controller), thus no sanitization here
+ create: function(name, email, notify, callback)
+ {
+ db.serialize(function() {
+ const insertQuery =
+ "INSERT INTO Users " +
+ "(name, email, notify, created) VALUES " +
+ "('" + name + "', '" + email + "', " + notify + "," + Date.now() + ")";
+ db.run(insertQuery, err => {
+ if (!!err)
+ return callback(err);
+ db.get("SELECT last_insert_rowid() AS rowid", callback);
+ });
+ });
+ },
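Review bot: The INSERT in `create` is still assembled by concatenating `name`, `email` and `notify` into the SQL text (the `insertQuery` lines), so the only protection against SQL injection is the controller-side cleaning that the NOTE comment assumes, which is not visible in this hunk. Binding the values removes that dependency and makes the model safe for any future caller: `db.run("INSERT INTO Users (name, email, notify, created) VALUES (?, ?, ?, ?)", [name, email, notify, Date.now()], err => {`. The NOTE would then read better as `// NOTE: values are bound as SQL parameters; the controller still validates format`. As shown, the added lines match the removed ones, so this looks like a whitespace-only change; the concatenated query appears to predate it but is carried over unchanged on the new side.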