Learn

Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability and preventative measures should be implemented to make your database-driven apps safe and secure.

The main techniques we covered in the lesson are:

  • Input sanitization using validator.js to validate expected user inputs as well as to clean data inputs before sending them to the SQL engine.
  • Using prepared statements with placeholders to ensure that SQL queries are properly escaped.

In the workspace to the right is a web form that takes an email address as input. When an email is submitted, the server will normalize the submitted email value using Validator.js and then use the value in a parameterized query. These steps will make the database query more flexible and secure by preventing SQL injections.

Instructions

Start the server using node app.js. Then try submitting a SQL injection into the form in the workspace to see how the techniques we covered help protect against SQL injections.

Try submitting these values in the form:

Sign up to start coding

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?