
Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability, and preventative measures should be implemented to make your database-driven apps safe and secure.

The main techniques we covered in the lesson are:

  • Input sanitization using validator.js to validate expected user inputs as well as to clean data inputs before sending them to the SQL engine.
  • Using prepared statements with placeholders to ensure that SQL queries are properly escaped.

In the workspace to the right is a web form that takes an email address as input. When an email is submitted, the server will normalize the submitted email value using validator.js and then use the value in a parameterized query. These steps will make the database query more flexible and secure by preventing SQL injections.
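The validate, normalize, then parameterize flow described above, as an added example that is not the lesson's app.js: the email check and normalizeEmail here are simplified stand-ins for validator.js's isEmail and normalizeEmail, and the $1 placeholder assumes a pg-style driver that accepts { text, values }.

```javascript
// Simplified stand-in for validator.isEmail (the real check is stricter).
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Simplified stand-in for validator.normalizeEmail: trim and lower-case only.
function normalizeEmail(raw) {
  return String(raw).trim().toLowerCase();
}

// Vulnerable form: the input is spliced into the SQL text, so a quote in the
// input changes the structure of the query the engine will parse.
function buildQueryUnsafe(email) {
  return { text: `SELECT * FROM users WHERE email = '${email}'`, values: [] };
}

// Parameterized form: the SQL text is constant; the value is bound separately
// by the driver and can never be parsed as SQL.
function buildQuerySafe(email) {
  return { text: 'SELECT * FROM users WHERE email = $1', values: [email] };
}

// Handler logic for the form: reject input that is not an email, normalize it,
// then hand a parameterized query to the driver. Returns the query object
// instead of executing it so the result can be inspected offline.
function handleSignup(rawEmail) {
  const email = normalizeEmail(rawEmail);
  if (!EMAIL_RE.test(email)) {
    return { ok: false, error: 'invalid email' };
  }
  return { ok: true, query: buildQuerySafe(email) };
}

// Constructed inputs: a messy but valid address, and a quote-bearing one.
const VALID_INPUT = '  Alice@Example.COM ';
const QUOTED_INPUT = "' OR 1=1 --";

console.log(handleSignup(VALID_INPUT));   // ok: true, email bound as $1
console.log(handleSignup(QUOTED_INPUT));  // ok: false, rejected before the DB
console.log(buildQueryUnsafe(QUOTED_INPUT).text); // query structure altered
console.log(buildQuerySafe(QUOTED_INPUT));        // text unchanged, value bound
```

Even if validation were skipped, the parameterized query's text stays identical for every input, which is the property that closes the injection.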


Start the server using node app.js. Then try submitting a SQL injection into the form in the workspace to see how the techniques we covered help protect against SQL injections.

Try submitting these values in the form:
