A better and faster way for eval?

Posted by user1707250 on Stack Overflow See other posts from Stack Overflow or by user1707250
Published on 2012-11-25T22:17:35Z Indexed on 2012/11/25 23:04 UTC
Read the original article Hit count: 140

Filed under:
|

I want to build my queries dynamically and use the following snippet:

--snip--
module.exports = {

get : function(req, res, next) {
  var queryStr = "req.database.table('locations').get(parseInt(req.params.id))";

  if (req.params.id) {
    if (req.fields) {
      queryStr += '.pick(' + req.fieldsStr + ')';
    }

    console.log(queryStr);
    eval(queryStr).run(function(result) { 
      console.log(result);
      res.send(result);
    });
  } else if (!req.params.id) {
--snip--

However introducing eval opens up my code to injection (req.fields is filled with url parameters) and I see the response time of my app increase from 7 to 11ms

Is there a smarter way to accomplish what I did here?

Please advice.

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about node.js