Adamhumbug
Posted December 28, 2024 (edited)

Hi All,

I have started fiddling with MERN stack as I was looking for something to progress my knowledge. It has all been raw PHP and I fancied expanding my horizons. I know that this is a PHP forum, but I love the users on here so I am hoping that there is sympathy for me posting here (hope that this post is in the most appropriate channel).

I am making a controller where I will write all of my API endpoints. My question is about best practices. Should I be writing the following, where I break down what is being passed in:

```js
const {first_name, last_name, email, password, isAdmin} = req.body;
const user = new User({ first_name, last_name, email, password, isAdmin });
```

or should I just accept whatever is passed in, like this:

```js
const user = req.body;
const newUser = new User(user);
```

This is my first project so I really am finding my feet. For clarity, this would be an add user function:

```js
export const addUser = async (req, res) => {
    const user = req.body;
    const newUser = new User(user);
}
```

As always, I appreciate your responses.

Edited December 28, 2024 by Adamhumbug

requinix (Solution)
Posted December 28, 2024

The main problem is that you aren't validating the input. Or at least not as far as I can see. Do that, as in validate that the body contains those fields with expected types and doesn't contain anything else, and the question is basically irrelevant...
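
One way to do the validation described in the answer above, as an added example that is not part of the original thread: every field from the question must be present with the expected type, and any other key rejects the request. The length limits, the email pattern, and the names `validateNewUser` and `saveUser` are assumptions made for illustration.

```javascript
// Added example. Field names come from the question; the rules are assumed.
const isName = (v) => typeof v === "string" && v.trim().length > 0 && v.length <= 100;
const USER_FIELDS = {
  first_name: isName,
  last_name: isName,
  email: (v) => typeof v === "string" && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  password: (v) => typeof v === "string" && v.length >= 8 && v.length <= 128,
  // Type check only: who is allowed to set isAdmin is an authorization question.
  isAdmin: (v) => typeof v === "boolean",
};

// Own-property test, so keys such as "constructor" or "__proto__" never match.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function validateNewUser(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const errors = [];
  // "doesn't contain anything else": reject keys outside the allow-list.
  for (const key of Object.keys(body)) {
    if (!has(USER_FIELDS, key)) errors.push(`unexpected field: ${key}`);
  }
  // "contains those fields with expected types": copy only what passed.
  const value = {};
  for (const [key, isValid] of Object.entries(USER_FIELDS)) {
    if (!has(body, key)) errors.push(`missing field: ${key}`);
    else if (!isValid(body[key])) errors.push(`invalid field: ${key}`);
    else value[key] = body[key];
  }
  return errors.length ? { ok: false, errors } : { ok: true, value };
}

// Controller in the shape of the question. saveUser is a hypothetical
// stand-in for creating and saving the User model from validated data.
async function addUser(req, res, saveUser) {
  const result = validateNewUser(req.body);
  if (!result.ok) return res.status(400).json({ errors: result.errors });
  await saveUser(result.value);
  return res.status(201).json({ created: true });
}
```

With this in place, destructuring versus passing the body through stops mattering, because the model only ever receives `result.value`.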