How to Guard Against SQL Injection
Learn some best practices to guard against SQL injection.
How to guard against it
The single requirement for guarding against SQL injection is to sanitize input, also known as escaping. You can escape each input individually, or use a better method known as parameter binding. Parameter binding is the approach I recommend, as it offers more security: the query text and the user-supplied values are sent to the database separately, so a value is never interpreted as part of the SQL statement. We can use node-postgres, an npm module that is a non-blocking PostgreSQL client for Node.js, and it makes parameter binding easy to implement. Let's look at the vulnerable update method and fix it. The updated code has been highlighted below.
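As an added illustration (not the course's own code), here is a string-concatenated update beside its parameter-bound replacement. It assumes a `client` with a node-postgres-compatible `query(text, values)` method (a `pg.Pool` or `pg.Client` in real use); a small recording stand-in is constructed so the two query shapes can be compared without a live database.

```javascript
// Added example, not the course's code. `client` is assumed to expose a
// pg-compatible query(text, values) method (pg.Pool / pg.Client in practice).

// VULNERABLE: user-controlled values are spliced into the SQL text, so any
// quote character in the input changes the structure of the statement.
function updateUserVulnerable(client, id, email) {
  const text = "UPDATE users SET email = '" + email + "' WHERE id = " + id;
  return client.query(text);
}

// FIXED: the SQL text holds only $1/$2 placeholders; the values travel in a
// separate array and are treated strictly as data, never as SQL.
function updateUserSafe(client, id, email) {
  const text = 'UPDATE users SET email = $1 WHERE id = $2';
  return client.query(text, [email, id]);
}

// Constructed stand-in for pg.Pool: records what would be sent to PostgreSQL
// so the difference is visible offline.
function makeRecordingClient() {
  const calls = [];
  return {
    calls,
    query(text, values) {
      calls.push({ text, values: values || [] });
      return Promise.resolve({ rowCount: 1 });
    },
  };
}

// Odd number of single quotes means the statement's string literal was
// terminated early by the input, i.e. the structure is no longer fixed.
function hasUnbalancedQuotes(sql) {
  return (sql.match(/'/g) || []).length % 2 === 1;
}

// Constructed input: an ordinary value that happens to contain an apostrophe.
const email = "o'brien@example.com";

const vulnerable = makeRecordingClient();
updateUserVulnerable(vulnerable, 7, email);
console.log(vulnerable.calls[0].text, hasUnbalancedQuotes(vulnerable.calls[0].text));

const safe = makeRecordingClient();
updateUserSafe(safe, 7, email);
console.log(safe.calls[0].text, safe.calls[0].values);
```

The first log line shows the statement broken by a single apostrophe; in the second the SQL text is constant and the apostrophe is just bytes inside a bound value.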