A better and faster way for eval?
- by user1707250
I want to build my queries dynamically and use the following snippet:
--snip--
module.exports = {
get : function(req, res, next) {
var queryStr = "req.database.table('locations').get(parseInt(req.params.id))";
if (req.params.id) {
if (req.fields) {
queryStr += '.pick(' + req.fieldsStr + ')';
}
console.log(queryStr);
eval(queryStr).run(function(result) {
console.log(result);
res.send(result);
});
} else if (!req.params.id) {
--snip--
However introducing eval opens up my code to injection (req.fields is filled with url parameters) and I see the response time of my app increase from 7 to 11ms
Is there a smarter way to accomplish what I did here?
Please advice.