
How to prevent SQL injection in Node.js?


To prevent SQL injection in Node.js, we use the node-mysql-native library and pass values to queries through placeholders instead of building the SQL string from user input.

For instance, we write

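// connection is an open database connection created with the library
const userId = 5;
const query = connection.query(
  // ? marks where the value goes; the SQL text never contains user input
  "SELECT * FROM users WHERE id = ?",
  // values are supplied separately, one per placeholder, in order
  [userId],
  (err, results) => {
    if (err) {
      console.error(err);
      return;
    }
    // results holds the rows returned by the query
  }
);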

to make a select query with the query method.

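? is a placeholder for userId. The value is passed in the array, separately from the SQL text, so it is treated as data rather than as part of the SQL statement.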

Therefore, results would be the query result for the

SELECT * FROM users WHERE id = 5

command.
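
The sketch below shows why binding a value to ? keeps it out of the query's structure, next to the string concatenation it replaces. It is an added example, not code from the original post or from the library: escapeValue and bindPlaceholders are hypothetical, simplified helpers, and the input is constructed.

```javascript
// Added illustration: a simplified client-side placeholder binder.
// escapeValue and bindPlaceholders are hypothetical helpers, not the driver's API.

// Characters that can end or alter a quoted MySQL string literal.
const ESCAPES = {
  "\0": "\\0", "\b": "\\b", "\t": "\\t", "\n": "\\n", "\r": "\\r",
  "\x1a": "\\Z", '"': '\\"', "'": "\\'", "\\": "\\\\",
};

function escapeValue(value) {
  if (value === null || value === undefined) return "NULL";
  if (typeof value === "number") {
    if (!Number.isFinite(value)) throw new TypeError("non-finite number");
    return String(value);
  }
  if (typeof value === "boolean") return value ? "true" : "false";
  if (typeof value === "string") {
    return "'" + value.replace(/[\0\b\t\n\r\x1a"'\\]/g, (c) => ESCAPES[c]) + "'";
  }
  // Objects and arrays are refused so a parsed JSON body cannot add structure.
  throw new TypeError("unsupported parameter type: " + typeof value);
}

// Simplification: every ? is a placeholder (none inside SQL literals or comments).
function bindPlaceholders(sql, values) {
  let i = 0;
  const out = sql.replace(/\?/g, () => {
    if (i >= values.length) throw new RangeError("too few values");
    return escapeValue(values[i++]);
  });
  if (i !== values.length) throw new RangeError("too many values");
  return out;
}

// Vulnerable pattern for contrast: the input becomes part of the SQL text.
function concatQuery(userId) {
  return "SELECT * FROM users WHERE id = " + userId;
}

const hostile = "5 OR 1=1"; // constructed sample input
console.log(concatQuery(hostile));
console.log(bindPlaceholders("SELECT * FROM users WHERE id = ?", [hostile]));
console.log(bindPlaceholders("SELECT * FROM users WHERE id = ?", [5]));
```

With concatenation the input's OR clause becomes part of the WHERE condition; with binding the same input arrives as one quoted string value that is compared against id.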

By John Au-Yeung

Web developer specializing in React, Vue, and front end development.
