Learn

Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability and preventative measures should be implemented to make your database driven apps safe and secure.

The main techniques we covered in the lesson are:

  • Input sanitization using Validator.js to validate expected user inputs as well as to clean data inputs before sending it to the SQL engine
  • Using prepared statements with placeholders to ensure that SQL queries are properly escaped.

In the workspace to the right is a web form that takes an email address as input. When an email is submitted, the server will normalize the submitted email value using Validator.js and then used in the a parameterized query. These steps will make the database query more flexible and secure by preventing SQL injections.

Instructions

Start the server using node app.js. Then try submitting a SQL injection into the form in the workspace to see how the techniques we covered help protect against SQL injections.

Try submitting these values in the form:

Sign up to start coding

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.
Already have an account?