For this operation, we need the following:
- The type of reading desired
- The two times between which we require readings
const fetchReadingsBetweenTime = (type, start, end, callback) => {
  // `type` is spliced into the SQL text, so it must come from our own code, never from a request.
  // `start` and `end` are bound as parameters, so the driver keeps them out of the SQL text.
  db.all(`SELECT * FROM ${type} WHERE createdAt > ? AND createdAt < ?;`, [start, end], callback)
}
In this query, we do not use template string variables for the time bounds; we use the library's query parameterization instead. Query parameterization means supplying a query template with placeholders and letting the driver fill in the required values, as opposed to building the entire query as one string. We do this to prevent SQL injection. In all our previous queries, the query was constructed entirely within our system, and none of its parts was exposed outside our server application.
This query is different: we plan to let the user choose the times between which they would like to see readings. The start and end values are therefore under outside control and must be passed as query parameters, so that whatever the user sends is treated as data rather than as part of the SQL statement.
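The following is an added example (not the book's own code) that separates building the statement from running it, so the data/SQL separation can be checked. It assumes a `db` object with sqlite3's `db.all(sql, params, callback)` signature; the table names in the allowlist and the sample inputs are constructed for illustration.

```javascript
// Constructed allowlist: `type` is still spliced into the SQL text, so it may only take
// values our own code defines, never a raw request value.
const READING_TABLES = new Set(['temperature', 'humidity']);

// Build the statement and its bound values without executing anything.
function buildReadingsQuery(type, start, end) {
  if (!READING_TABLES.has(type)) {
    throw new Error(`unknown reading type: ${String(type)}`);
  }
  // start/end are bound parameters: the SQL text is identical for every input,
  // and the driver hands the values to SQLite separately from the statement.
  return {
    sql: `SELECT * FROM ${type} WHERE createdAt > ? AND createdAt < ?;`,
    params: [start, end],
  };
}

// Same shape as the book's function, with `db` passed in (hypothetical signature).
function fetchReadingsBetweenTime(db, type, start, end, callback) {
  let query;
  try {
    query = buildReadingsQuery(type, start, end);
  } catch (err) {
    return callback(err);
  }
  db.all(query.sql, query.params, callback);
}

// For contrast, the pattern the text warns against: interpolating user values into
// the SQL text. A single quote in `start` changes the statement itself.
function buildInterpolatedQuery(type, start, end) {
  return `SELECT * FROM ${type} WHERE createdAt > '${start}' AND createdAt < '${end}';`;
}
```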