I've created a webapp that uses expressjs and sqlite3. If for example I search for the name john in the table family: http://mypage.com/search?name=john&table=family It shows the results without any problem. But if someones manually adds &table=xxxxxx after the previous link it automatically crashes. I've been searching for a solution for a while now and couldn't come up with any. How should I prevent this??
I think your code assumes table query param as string.
But if you put "&table=xxx" again in query string, query param for "table" become array.
/search?name=john&table=family&table=xxx
query = {"name":"john","table":["family","xxx"]}