Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability and preventative measures should be implemented to make your database-driven apps safe and secure.
The main techniques we covered in the lesson are:
- Input sanitization using validator.js to validate expected user inputs as well as to clean data inputs before sending them to the SQL engine.
- Using prepared statements with placeholders to ensure that SQL queries are properly escaped.
In the workspace to the right is a web form that takes an email address as input. When an email is submitted, the server will normalize the submitted email value using Validator.js and then use the value in a parameterized query. These steps will make the database query more flexible and secure by preventing SQL injections.
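The two defences described above, as an added example that is not the lesson's app.js: the submitted value is validated and normalized first, and the query is then built with a placeholder so the value travels as a parameter instead of being pasted into the SQL text. The isEmail and normalizeEmail functions here are simplified stand-ins for the validator.js functions of the same name, not the library itself, and no real database is opened so the code runs offline.

```javascript
// Simplified stand-in for validator.isEmail: one local part, one "@",
// and a dotted domain. Anything with spaces or quotes is rejected.
const EMAIL_RE = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function isEmail(value) {
  return typeof value === "string" && EMAIL_RE.test(value);
}

// Simplified stand-in for validator.normalizeEmail: only lower-cases
// the address (the real function does more, e.g. provider-specific rules).
function normalizeEmail(value) {
  return value.toLowerCase();
}

// VULNERABLE: the user-controlled value is concatenated into the SQL text,
// so quotes in the input change the structure of the query itself.
function buildUnsafeQuery(email) {
  return `SELECT * FROM users WHERE email = '${email}'`;
}

// SAFE: the SQL text is fixed and the value is handed to the driver
// separately as a parameter, so it is only ever treated as data.
// The { sql, params } shape mirrors what mysql/sqlite drivers accept.
function buildSafeQuery(email) {
  return { sql: "SELECT * FROM users WHERE email = ?", params: [email] };
}

// What the form handler does with one submitted value: trim it, reject
// anything that is not an email, normalize what is, then build the
// parameterized query. The unsafe builder is never used here.
function handleSubmission(rawEmail) {
  const candidate = String(rawEmail).trim();
  if (!isEmail(candidate)) {
    return { ok: false, error: "invalid email" };
  }
  return { ok: true, query: buildSafeQuery(normalizeEmail(candidate)) };
}
```

Feeding the lesson's test value into buildUnsafeQuery shows why concatenation is dangerous, while handleSubmission rejects it before any query is built.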
Instructions
Start the server using node app.js. Then try submitting a SQL injection into the form in the workspace to see how the techniques we covered help protect against SQL injections.
Try submitting these values in the form:
[email protected]
[email protected]
1' OR '1' = '1