Use query builder to replace explicit SQL queries in API #16
Description
Problem description
In all the API endpoints involving database operations, explicit SQL queries are used. This can be problematic to maintain and refactor e.g insert statements., and can also be vulnerable to injection attacks.
Suggested solution
A query builder may be a more efficient solution for database operations in the API. It is more flexible than an ORM which may be opinionated. Knex is our query builder of choice. It is reliable, well-maintained, and has good documentation.
Requirements
Refactor all of the API endpoints that use explicit SQL queries to use Knex query builder. These include:
- get_users
- index_of_topics
- get_test_counts
- get_responses
- get_test_marks
- submit_test
- overwrite_test
- submit_ext_eval
- user_testcheck
Ensure that the library is imported correctly, and is included in the application dependencies