Web forms present a security vulnerability on websites where hackers can potentially interact with a database. A seemingly harmless form or URL parameters can be a place for hackers to inject malicious code to a server.

One method of preventing SQL injection is to sanitize inputs. Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs before using them.

validator.js is a library of string validators and sanitizers that can be used server-side with Node.js. validator.js can be used to validate forms and sanitize inputs before using a form value in the application code.

Note that there is a package named express-validator that wraps validator.js functions for use in express applications.

In the next exercises, we’ll differentiate between input validation and input cleaning. We’ll apply these techniques on a simple web app.