Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability and preventative measures should be implemented to make your database-driven apps safe and secure.
The main techniques we covered in the lesson are:
- Input sanitization using validator.js to validate expected user inputs and to clean data inputs before sending them to the SQL engine.
- Using prepared statements with placeholders so that user-supplied values are passed to the database as data (properly escaped by the driver) rather than spliced into the SQL text.
In the workspace to the right is a web form that takes an email address as input. When an email is submitted, the server validates and normalizes the submitted value using validator.js and then uses that value in a parameterized query. Together, these steps keep the database query flexible and secure by preventing SQL injection.
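The following is an added example written for this summary; it is not the workspace code from the lesson. It contrasts a query built by string concatenation (injectable) with a parameterized query, and wires in the validate-then-normalize step the lesson describes. No database driver or npm package is used: `isEmail` and `normalizeEmail` are simplified stand-ins for the validator.js functions of the same name, and `buildSafeQuery` returns the `{ text, values }` shape that drivers such as node-postgres accept, so the SQL text itself never contains user input.

```javascript
// Stand-in for validator.js isEmail() (assumption: a deliberately simple rule:
// one local part, one '@', a dotted domain, no whitespace, quotes or semicolons).
function isEmail(value) {
  return typeof value === 'string' &&
    /^[^\s@'";]+@[^\s@'";]+\.[^\s@'";]+$/.test(value);
}

// Stand-in for validator.js normalizeEmail(): trim and lowercase only.
function normalizeEmail(value) {
  return value.trim().toLowerCase();
}

// VULNERABLE: the submitted value becomes part of the SQL text, so a value
// containing a quote can change the statement's structure.
function buildUnsafeQuery(email) {
  return `SELECT * FROM users WHERE email = '${email}'`;
}

// SAFE: the SQL text is fixed and the value travels separately as a
// placeholder parameter; the driver sends it as data, never as SQL.
function buildSafeQuery(email) {
  return {
    text: 'SELECT * FROM users WHERE email = $1',
    values: [email],
  };
}

// Handler logic for the lesson's form: reject malformed input, normalize what
// remains, then parameterize. Returns the query object instead of running it.
function handleEmailSubmission(rawEmail) {
  if (!isEmail(rawEmail)) {
    return { ok: false, error: 'invalid email' };
  }
  const email = normalizeEmail(rawEmail);
  return { ok: true, query: buildSafeQuery(email) };
}

// Constructed sample inputs: one ordinary address, one with a quote in it.
const sampleGood = 'Alice@Example.COM';
const sampleBad = "x' OR '1'='1";

console.log(buildUnsafeQuery(sampleBad));   // statement structure altered
console.log(buildSafeQuery(sampleBad));     // text unchanged, value isolated
console.log(handleEmailSubmission(sampleGood));
console.log(handleEmailSubmission(sampleBad));

module.exports = { isEmail, normalizeEmail, buildUnsafeQuery, buildSafeQuery, handleEmailSubmission };
```

Validation and parameterization are independent layers: even if a malformed value slipped past `isEmail`, `buildSafeQuery` would still hand it to the database as a parameter, which is why the lesson recommends both.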