Great job! You now know some techniques to protect against SQL injections! SQL injection is a dangerous vulnerability, and preventative measures should be implemented to keep your database-driven apps safe and secure.
The main techniques we covered in the lesson are:
- Input sanitization using Validator.js to validate expected user inputs and to clean data inputs before sending them to the SQL engine
- Using prepared statements with placeholders so that user-supplied values are properly escaped as bound parameters rather than concatenated into the SQL query text
In the workspace to the right is a web form that takes an email address as input. When an email is submitted, the server will normalize the submitted email value using Validator.js and then use it in a parameterized query. These steps make the database query more flexible and secure by preventing SQL injections.
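The handler flow described above (validate, normalize, then parameterize), written out as an added example that is not the lesson's workspace code. It runs in plain Node.js with no database driver: `isEmail` and `normalizeEmail` are deliberately small stand-ins for Validator.js's `validator.isEmail()` and `validator.normalizeEmail()` so the file works offline, and the `{ text, values }` query object mirrors the shape node-postgres (`pg`) accepts; the `users` table, column names and sample inputs are constructed for illustration. The unsafe builder is kept beside the safe one to show why validation alone is not enough: a legitimate address containing an apostrophe breaks the concatenated query but is harmless as a bound value.

```javascript
// Added example (not from the lesson). Node.js, no external packages.

// Simplified stand-in for validator.isEmail(): one "@", no whitespace,
// and a dot in the domain. The real library is far stricter.
function isEmail(value) {
  if (typeof value !== 'string') return false;
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
}

// Simplified stand-in for validator.normalizeEmail(): lowercase everything.
function normalizeEmail(value) {
  return value.toLowerCase();
}

// VULNERABLE form: the submitted value is spliced into the SQL text,
// so any quote character in it changes the structure of the statement.
function buildUnsafeQuery(email) {
  return `SELECT id, email FROM users WHERE email = '${email}'`;
}

// SAFE form: the SQL text is fixed and the value travels separately as $1.
// The driver sends it as data, never as part of the statement.
function buildSafeQuery(email) {
  return {
    text: 'SELECT id, email FROM users WHERE email = $1',
    values: [email],
  };
}

// The server-side step for the email form: trim, validate, normalize,
// then hand the clean value to a parameterized query.
// Returns { ok: true, query } or { ok: false, error }.
function handleEmailSubmission(rawEmail) {
  const trimmed = String(rawEmail).trim();
  if (!isEmail(trimmed)) {
    return { ok: false, error: 'invalid email address' };
  }
  const email = normalizeEmail(trimmed);
  return { ok: true, query: buildSafeQuery(email) };
}

// Constructed sample submissions: a messy but valid address, a valid
// address containing an apostrophe, and a malformed one that fails validation.
const samples = [
  '  Alice@Example.COM ',
  "o'brien@example.com",
  "alice@example.com' OR '1'='1",
];

for (const raw of samples) {
  const result = handleEmailSubmission(raw);
  console.log(`input:  ${JSON.stringify(raw)}`);
  if (!result.ok) {
    console.log(`  rejected: ${result.error}`);
    continue;
  }
  // Side by side: what concatenation would have produced vs. the bound form.
  console.log(`  unsafe: ${buildUnsafeQuery(result.query.values[0])}`);
  console.log(`  safe:   ${result.query.text}  values=${JSON.stringify(result.query.values)}`);
}
```

Run it with `node example.js`. The apostrophe case is the one to look at: the unsafe string ends up with an unbalanced quote (`WHERE email = 'o'brien@example.com'`), which is the same failure mode an injection payload relies on, while the safe query's text never changes and the value simply sits in `values`. Validation narrows what reaches the database, but the placeholder is what actually closes the hole.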