问题
I have a little website in node.js, when a people want to sign up we call a function (a external file) here the part where i write the JSON :
{
nouveauMembre = {};
nouveauMembre.pseudo = query.pseudo;
nouveauMembre.password = query.password;
listeMembre[listeMembre.length] = nouveauMembre;
contenu_fichier = JSON.stringify(listeMembre);
fs.writeFileSync("membres.json", contenu_fichier, 'utf-8');
}
we write the pseudo and password in the JSON menbres.json but i want to write another file wich is call the actual pseudo selected (the query)
so i write :
nouveauMembre = {};
nouveauMembre.pseudo = query.pseudo;
nouveauMembre.password = query.password;
listeMembre[listeMembre.length] = nouveauMembre;
contenu_fichier = JSON.stringify(listeMembre);
fs.writeFileSync("membres.json", contenu_fichier, 'utf-8');
AddMembre = {};
AddMembre.pseudo = query.pseudo;
AddMembre.email = query.email;
AddMembre.nom = query.nom;
AddMembre.prenom = query.prenom;
AddMembre.password = query.password;
new_file = JSON.stringify(AddMembre);
fs.writeFileSync("query.pseudo.json", new_file, 'utf-8')
}
but i can't wirte "query.pseudo.json" how can i write this ? i already try with that :
fs.writeFileSync(query.pseudo".json", new_file, 'utf-8');
but not working... :'(
Thanks for your help !
回答1:
As Chris G has already posted in the comment, you have written query.pseudo".json" instead of query.pseudo+".json" - you should get a syntax error telling you that.
But I see some more serious issues with your code.
First of all you will get into trouble using writeFileSync (or readFileSync or any other -Sync functions) as soon as you get more concurrent connections. Those are blocking calls and should be used only on the first tick of the event loop. For serving requests you should be using only the asynchronous version (without Sync in their name).
Second of all, you have a serious security issue where anyone could write to any place in your file system by using a pseudonym containing slashes or double dots.
Third, your are storing user passwords in plain text which is unacceptable and may cause you legal troubles in many cases.
You seem to be implementing your own database but you have not considered:
- Security
- Performance
- Race conditions
You can either try to fix all of those issues to make your system secure (by sanitizing the input data) and performant (by not using the blocking functions) and fix some more minor issues with it, or you can use a working and tested solution to store your data.
If you don't want to use a stand-alone database like MongoDB, RethinkDB or PostgreSQL or anything like that and you want all your data stored in files on your file system, then you can use something like those:
- http://lokijs.org/
- http://www.tingodb.com/
- https://github.com/creationix/nstore
- https://github.com/felixge/node-dirty
- https://github.com/louischatriot/nedb
- https://www.npmjs.com/package/sqlite3
- https://www.npmjs.com/package/sqlite
- https://www.npmjs.com/package/flat-file-db
- https://www.npmjs.com/package/flat-db
and many others.
I wouldn't recommend building a database management system, which is exactly what you're doing here, to anyone who is not experienced with that.
来源:https://stackoverflow.com/questions/40863991/write-json-with-query-pseudo