From d1f784dc4bf5dd08234cbc6221258ab8b099377a Mon Sep 17 00:00:00 2001 From: Zack Date: Sun, 5 Oct 2025 21:41:31 -0700 Subject: [PATCH 1/6] fix: use matchedData() to read from req.body rather than reading directly also include a note about how req.query is not mutable in the current version of Express. --- nodeJS/express/forms_and_data_handling.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/nodeJS/express/forms_and_data_handling.md b/nodeJS/express/forms_and_data_handling.md index d0f93ccee5f..a124acc55fa 100644 --- a/nodeJS/express/forms_and_data_handling.md +++ b/nodeJS/express/forms_and_data_handling.md @@ -365,7 +365,7 @@ Let's add a few methods to our `usersController.js` for validating and sanitizin ```javascript // This just shows the new stuff we're adding to the existing contents -const { body, validationResult } = require("express-validator"); +const { body, validationResult, validatedData } = require("express-validator"); const alphaErr = "must only contain letters."; const lengthErr = "must be between 1 and 10 characters."; @@ -390,14 +390,17 @@ exports.usersCreatePost = [ errors: errors.array(), }); } - const { firstName, lastName } = req.body; + const validatedData = matchedData(req); + const { firstName, lastName } = validatedData; usersStorage.addUser({ firstName, lastName }); res.redirect("/"); } ]; ``` -And we need to update our `createUser.ejs` view to render these errors. Let's create a new partial. Inside the `views` folder, create a new folder called `partials` and inside it, create `errors.ejs`: +You might notice that we are using the `matchedData()`[https://express-validator.github.io/docs/api/matched-data] function to access our validated data. While it is a little verbose and `req.body` is mutable, `req.query`, in particular, is not in the current version of Express (v5). You might still need to change these data once validated and/or sanitized. Therefore, you should access them through `matchedData()` for consistency. + +And now, we need to update our `createUser.ejs` view to render these errors. Let's create a new partial. Inside the `views` folder, create a new folder called `partials` and inside it, create `errors.ejs`: ```ejs @@ -479,7 +482,8 @@ exports.usersUpdatePost = [ errors: errors.array(), }); } - const { firstName, lastName } = req.body; + const validatedData = matchedData(req); + const { firstName, lastName } = validatedData; usersStorage.updateUser(req.params.id, { firstName, lastName }); res.redirect("/"); } From a0981057ae57b036cadde9e1fc39615dfac3d9dd Mon Sep 17 00:00:00 2001 From: Zack Date: Sun, 5 Oct 2025 21:46:55 -0700 Subject: [PATCH 2/6] fix: change link format --- nodeJS/express/forms_and_data_handling.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodeJS/express/forms_and_data_handling.md b/nodeJS/express/forms_and_data_handling.md index a124acc55fa..0e7683664b4 100644 --- a/nodeJS/express/forms_and_data_handling.md +++ b/nodeJS/express/forms_and_data_handling.md @@ -398,7 +398,7 @@ exports.usersCreatePost = [ ]; ``` -You might notice that we are using the `matchedData()`[https://express-validator.github.io/docs/api/matched-data] function to access our validated data. While it is a little verbose and `req.body` is mutable, `req.query`, in particular, is not in the current version of Express (v5). You might still need to change these data once validated and/or sanitized. Therefore, you should access them through `matchedData()` for consistency. +You might notice that we are using the [`matchedData()`](https://express-validator.github.io/docs/api/matched-data) function to access our validated data. While it is a little verbose and `req.body` is mutable, `req.query`, in particular, is not in the current version of Express (v5). You might still need to change these data once validated and/or sanitized. Therefore, you should access them through `matchedData()` for consistency. And now, we need to update our `createUser.ejs` view to render these errors. Let's create a new partial. Inside the `views` folder, create a new folder called `partials` and inside it, create `errors.ejs`: From 61e827a73d3d9b7001d8faafd7edf7f356675a8d Mon Sep 17 00:00:00 2001 From: Zack Hoang Date: Mon, 6 Oct 2025 14:14:01 -0700 Subject: [PATCH 3/6] fix: fix import Co-authored-by: mao-sz <122839503+mao-sz@users.noreply.github.com> --- nodeJS/express/forms_and_data_handling.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodeJS/express/forms_and_data_handling.md b/nodeJS/express/forms_and_data_handling.md index 0e7683664b4..420241f5fcd 100644 --- a/nodeJS/express/forms_and_data_handling.md +++ b/nodeJS/express/forms_and_data_handling.md @@ -365,7 +365,7 @@ Let's add a few methods to our `usersController.js` for validating and sanitizin ```javascript // This just shows the new stuff we're adding to the existing contents -const { body, validationResult, validatedData } = require("express-validator"); +const { body, validationResult, matchedData } = require("express-validator"); const alphaErr = "must only contain letters."; const lengthErr = "must be between 1 and 10 characters."; From 356b99e6982a332ce32e4234b050dffd24d45144 Mon Sep 17 00:00:00 2001 From: Zack Hoang Date: Mon, 6 Oct 2025 14:14:25 -0700 Subject: [PATCH 4/6] fix: fix import Co-authored-by: mao-sz <122839503+mao-sz@users.noreply.github.com> --- nodeJS/express/forms_and_data_handling.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nodeJS/express/forms_and_data_handling.md b/nodeJS/express/forms_and_data_handling.md index 420241f5fcd..4c7f14a1e8b 100644 --- a/nodeJS/express/forms_and_data_handling.md +++ b/nodeJS/express/forms_and_data_handling.md @@ -390,8 +390,7 @@ exports.usersCreatePost = [ errors: errors.array(), }); } - const validatedData = matchedData(req); - const { firstName, lastName } = validatedData; + const { firstName, lastName } = matchedData(req); usersStorage.addUser({ firstName, lastName }); res.redirect("/"); } From bff497ac64ad3dab60a6da15acd2366b8ff4f562 Mon Sep 17 00:00:00 2001 From: Zack Hoang Date: Mon, 6 Oct 2025 14:14:47 -0700 Subject: [PATCH 5/6] fix: extract directly from matchedData(req) Co-authored-by: mao-sz <122839503+mao-sz@users.noreply.github.com> --- nodeJS/express/forms_and_data_handling.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nodeJS/express/forms_and_data_handling.md b/nodeJS/express/forms_and_data_handling.md index 4c7f14a1e8b..ac43692b0ea 100644 --- a/nodeJS/express/forms_and_data_handling.md +++ b/nodeJS/express/forms_and_data_handling.md @@ -481,8 +481,7 @@ exports.usersUpdatePost = [ errors: errors.array(), }); } - const validatedData = matchedData(req); - const { firstName, lastName } = validatedData; + const { firstName, lastName } = matchedData(req); usersStorage.updateUser(req.params.id, { firstName, lastName }); res.redirect("/"); } From a3a7bf16a8356fb0f3f8600c738104b435f1e563 Mon Sep 17 00:00:00 2001 From: Zack Hoang Date: Mon, 6 Oct 2025 14:15:25 -0700 Subject: [PATCH 6/6] fix: shorten explanation Co-authored-by: mao-sz <122839503+mao-sz@users.noreply.github.com> --- nodeJS/express/forms_and_data_handling.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodeJS/express/forms_and_data_handling.md b/nodeJS/express/forms_and_data_handling.md index ac43692b0ea..83ee4380f07 100644 --- a/nodeJS/express/forms_and_data_handling.md +++ b/nodeJS/express/forms_and_data_handling.md @@ -397,7 +397,7 @@ exports.usersCreatePost = [ ]; ``` -You might notice that we are using the [`matchedData()`](https://express-validator.github.io/docs/api/matched-data) function to access our validated data. While it is a little verbose and `req.body` is mutable, `req.query`, in particular, is not in the current version of Express (v5). You might still need to change these data once validated and/or sanitized. Therefore, you should access them through `matchedData()` for consistency. +We retrieve all validated data via the [`matchedData()`](https://express-validator.github.io/docs/api/matched-data) function to ensure all the data we get will include any sanitization done (such as trimmed data). And now, we need to update our `createUser.ejs` view to render these errors. Let's create a new partial. Inside the `views` folder, create a new folder called `partials` and inside it, create `errors.ejs`: