Chapter 8: Query Strings in Dart

Parse and use query parameters. In this chapter, you will learn query strings in depth with Dart code examples, explanations, and best practices.

Overview

This chapter covers query strings for Kungfu.js developers using Dart. We will start with the basics, move through practical examples, and end with advanced techniques and common pitfalls.

Why This Matters

Understanding query strings is essential because it is a core part of building web applications. Every real-world app needs to handle parse and use query parameters. Skipping this chapter would leave a gap in your knowledge that would cause problems later.

Code Example

Here is how to work with databases in Dart:

// Database example
let db = Db::connect(&DbConfig {
    url: "sqlite::memory:".into(),
    max_connections: 5,
    min_connections: 1,
}).await?;

How the ORM Works

The Kungfu.js ORM uses parameterized queries. This means user input never gets interpolated into SQL strings. Instead, placeholders like $1, $2 are used, and the actual values are passed separately. This makes SQL injection impossible.

For example, if you search for a user by email, the ORM generates: SELECT * FROM users WHERE email = $1 and passes the email value as a parameter. Even if the email contains SQL code like ' OR 1=1 --, it is treated as a plain string, not as SQL.

Common Mistakes

  • Not reading the documentation: Always check the API reference when something does not work as expected.
  • Skipping security: Never disable the default middleware unless you have a very good reason. Security is not optional.
  • Not testing: Write tests for your handlers. Kungfu.js makes this easy with the built-in test utilities.

Summary

In this chapter, you learned about query strings in Dart. You saw code examples, understood how things work under the hood, and learned about common mistakes to avoid.

What is Next?

In chapter 9, we will cover HTTP Methods: GET, POST, PUT, DELETE, PATCH explained.