diff options
| author | Marvin Borner | 2021-01-29 19:13:56 +0100 |
|---|---|---|
| committer | Marvin Borner | 2021-01-29 19:13:56 +0100 |
| commit | ad8fded3d0e65d4e1c774d5da83e12030c9bf47c (patch) | |
| tree | f014ee3d343ab68f5306ecdb35f769b770bc5b87 /questions/index.js | |
| parent | 50e6849899afa53c542aa878cc86c395b518982f (diff) | |
hardcoded superadmin
Diffstat (limited to 'questions/index.js')
| -rw-r--r-- | questions/index.js | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/questions/index.js b/questions/index.js index 96bbb8b..1f2ea9a 100644 --- a/questions/index.js +++ b/questions/index.js @@ -16,7 +16,9 @@ app.get("/api/question/:id", checkUser, async (req, res) => { [question.id, req.session.uid], ); question.answer = answers.length > 0 ? answers[0].option_id : undefined; - question.options = await db.query("SELECT id, answer_option FROM question_options WHERE question_id = ?", [question.id]); + question.options = await db.query("SELECT id, answer_option FROM question_options WHERE question_id = ?", [ + question.id, + ]); res.json(question); } else { res.json({}); @@ -57,11 +59,14 @@ async function answer(req, res, qu) { const { question, answer } = req.body; const fail = { success: false }; try { - const possibleAnswers = await db.query(`SELECT qo.id + const possibleAnswers = await db.query( + `SELECT qo.id FROM question_questions qq INNER JOIN question_options qo on qq.id = qo.question_id - WHERE qq.id = ?`, [question]); - if (possibleAnswers.find(value => +value.id === +answer) === undefined) return res.json(fail); // Answer not for question + WHERE qq.id = ?`, + [question], + ); + if (possibleAnswers.find((value) => +value.id === +answer) === undefined) return res.json(fail); // Answer not for question await db.query(qu, [answer, question, req.session.uid]); res.json({ success: true }); } catch (e) { |