less duplicated headers in the sql-injection samples

Author: erik-krogh

javascript/ql/src/Security/CWE-089/SqlInjection.inc.qhelp

@@ -80,14 +80,14 @@ to ensure that the user input is interpreted as a literal value
 and not as a query object:
 </p>
 
-<sample src="examples/NoSqlInjectionFix2.js" />
+<sample src="examples/NoSqlInjectionFix.js" />
 
 <p>
 Alternatively check that the user input is a
 literal value and not a query object before using it:
 </p>
 
-<sample src="examples/NoSqlInjectionFix.js" />
+<sample src="examples/NoSqlInjectionFix2.js" />
 </example>
 
 <references>

javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix.js

@@ -1,14 +1,3 @@
-const express = require("express");
-const mongoose = require("mongoose");
-const Todo = mongoose.model(
-  "Todo",
-  new mongoose.Schema({ text: { type: String } }, { timestamps: true })
-);
-
-const app = express();
-app.use(express.json());
-app.use(express.urlencoded({ extended: false }));
-
 app.delete("/api/delete", async (req, res) => {
   let id = req.body.id;
   await Todo.deleteOne({ _id: { $eq: id } }); // GOOD: using $eq operator for the comparison

javascript/ql/src/Security/CWE-089/examples/NoSqlInjectionFix2.js

@@ -1,14 +1,3 @@
-const express = require("express");
-const mongoose = require("mongoose");
-const Todo = mongoose.model(
-  "Todo",
-  new mongoose.Schema({ text: { type: String } }, { timestamps: true })
-);
-
-const app = express();
-app.use(express.json());
-app.use(express.urlencoded({ extended: false }));
-
 app.delete("/api/delete", async (req, res) => {
   let id = req.body.id;
   if (typeof id !== "string") {