How to escape/sanitize in Node.js for SQL
https://github.com/mysqljs/mysql#escaping-query-values
var userId = 'some user provided value';
// connection.escape() quotes and escapes the value before it is concatenated into the SQL text
var sql = 'SELECT * FROM users WHERE id = ' + connection.escape(userId);
connection.query(sql, function (error, results, fields) {
  if (error) throw error;
  // ...
});
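The same lookup written with a `?` placeholder and an input check, as an added example that is not from the original post or the mysqljs README. The check matters because `escape()` formats arrays and objects as SQL lists and `key = 'val'` pairs rather than as one quoted string. `parseUserId`, `findUserById` and `makeRecordingConnection` are hypothetical names, and a numeric `id` column is assumed.

```javascript
// Added example: hypothetical helpers around mysqljs's connection.query(sql, values, callback).

// Accept only a string or number that is a plain decimal integer (assumes a numeric id column).
function parseUserId(raw) {
  if (typeof raw !== 'string' && typeof raw !== 'number') {
    // Arrays/objects (for example from a parsed JSON body) are rejected before reaching the driver.
    throw new TypeError('userId must be a string or number');
  }
  const text = String(raw).trim();
  if (!/^[0-9]{1,15}$/.test(text)) {
    throw new RangeError('userId must be a non-negative decimal integer');
  }
  return Number(text);
}

function findUserById(connection, rawUserId, callback) {
  let userId;
  try {
    userId = parseUserId(rawUserId);
  } catch (err) {
    return callback(err); // invalid input never becomes part of a query
  }
  // The `?` placeholder is filled in by the library with the escaped value,
  // so the SQL text itself stays a constant string.
  connection.query('SELECT * FROM users WHERE id = ?', [userId], function (error, results) {
    if (error) return callback(error);
    callback(null, results);
  });
}

// Constructed stand-in for a mysqljs connection: records each call instead of contacting a server.
function makeRecordingConnection(rows) {
  const calls = [];
  return {
    calls,
    query(sql, values, cb) {
      calls.push({ sql, values });
      cb(null, rows);
    },
  };
}

// Constructed sample run.
const demo = makeRecordingConnection([{ id: 42, name: 'constructed row' }]);
findUserById(demo, '42', (err, rows) => console.log(err, rows, demo.calls));
findUserById(demo, { id: 1 }, (err) => console.log(err && err.message));
```

With a real connection, pass the object returned by `mysql.createConnection(...)` in place of the recording stand-in.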