This week we connected our knowledge of Node.js with the skills we built in the Intro to Databases class, using the node-mysql package. Of course, preventing SQL injection was emphasized. If user input is not properly escaped, anyone could inject their own SQL queries and gain access to the entire database; they could even drop every table in a schema.
There are two methods for escaping user input. One is to call the mysql.escape method from the mysql npm package on each user-supplied value before it is spliced into the query string. The other is to use a question mark placeholder (?) for each user-supplied value and pass the values in as an array argument to the query call, which escapes them for you.
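To make the difference concrete, here is an added, self-contained example (not the mysql package's own code): `sqlEscape` and `sqlFormat` are assumed stand-ins that follow the same escaping rules the mysql driver applies in `mysql.escape` and `?` substitution, so you can see what each method does to a value containing a quote, next to the naive concatenation the post warns against.

```javascript
// Assumption: these two helpers mirror the escaping rules of the mysql driver
// (single quotes around strings, backslash-escaping of quote/backslash/control
// characters, numbers and NULL left bare). They are stand-ins, not the driver.
const ESCAPE_CHARS = /[\0\b\t\n\r\x1a"'\\]/g;
const ESCAPE_MAP = {
  '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
  '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\',
};

// Method 1: escape one value so it is safe to splice into SQL text.
function sqlEscape(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number') return String(value);
  if (typeof value === 'boolean') return value ? 'true' : 'false';
  if (Array.isArray(value)) return value.map(sqlEscape).join(', ');
  const body = String(value).replace(ESCAPE_CHARS, (c) => ESCAPE_MAP[c]);
  return "'" + body + "'";
}

// Method 2: fill '?' placeholders positionally from a values array,
// escaping each value exactly as sqlEscape would.
function sqlFormat(sql, values) {
  let i = 0;
  return sql.replace(/\?/g, (m) => {
    if (i >= values.length) return m; // leave extra placeholders untouched
    return sqlEscape(values[i++]);
  });
}

// The vulnerable pattern: raw string concatenation. A value containing a
// quote character ends the literal early and the rest becomes SQL.
function unsafeQuery(username) {
  return "SELECT * FROM users WHERE name = '" + username + "'";
}

// Safe version using method 1 (escape the value, then concatenate).
function safeQueryEscaped(username) {
  return 'SELECT * FROM users WHERE name = ' + sqlEscape(username);
}

// Safe version using method 2 (placeholder plus values array).
function safeQueryPlaceholder(username) {
  return sqlFormat('SELECT * FROM users WHERE name = ?', [username]);
}

// Constructed sample input: a legitimate name that happens to contain a quote.
const SAMPLE_NAME = "O'Brien";
console.log(unsafeQuery(SAMPLE_NAME));          // quote breaks the literal
console.log(safeQueryEscaped(SAMPLE_NAME));     // quote is escaped as \'
console.log(safeQueryPlaceholder(SAMPLE_NAME)); // same result via ?
```

With the real driver you would not build the string yourself: `connection.query('SELECT * FROM users WHERE name = ?', [name], cb)` performs the placeholder substitution shown in `sqlFormat`.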