SQL injections are common vulnerabilities that affect applications using SQL as their database language. Attackers can use their knowledge of SQL to construct text inputs that trick an application into disclosing information they shouldn't have, changing database records, or even handing over complete control of the system. Several strategies for preventing SQL injection can be applied in the back-end code, such as input sanitization and prepared statements (also known as parameterized queries).
Throughout this lesson we will examine these two techniques for protecting a Node.js application against SQL injection attacks.
Look at the demonstration application on the right to see how a SQL injection attack may occur.
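To make the difference between the two approaches concrete before the lesson proper, here is an added example (not part of the original lesson or its demonstration app) in plain Node.js: a login query built by string concatenation next to the same query expressed as a template plus separate values, the shape that drivers such as `mysql2` or `pg` accept. The `escapeLiteral` and `bind` helpers are assumptions constructed for this example to emulate what a driver does with a bound parameter, so the effect can be seen without a database.

```javascript
// Vulnerable pattern: user-controlled text becomes part of the SQL statement,
// so quotes and keywords in the input are parsed as SQL syntax.
function unsafeLoginQuery(username, password) {
  return `SELECT * FROM users WHERE name = '${username}' AND pw = '${password}'`;
}

// Safe pattern: the statement template and the values travel separately.
// This object is what you would hand to db.query(sql, params) in a real driver.
function safeLoginQuery(username, password) {
  return {
    sql: "SELECT * FROM users WHERE name = ? AND pw = ?",
    params: [username, password],
  };
}

// Constructed minimal escaper (assumption, not a driver's own code): doubles
// single quotes and backslashes so a value can only ever be one string literal.
function escapeLiteral(value) {
  return "'" + String(value).replace(/\\/g, "\\\\").replace(/'/g, "''") + "'";
}

// Emulates client-side parameter binding: every `?` is replaced by exactly one
// escaped literal, and the parameter count must match the placeholder count.
// (Templates in this demo must not contain a literal `?` inside a string.)
function bind(template, params) {
  let i = 0;
  const rendered = template.replace(/\?/g, () => {
    if (i >= params.length) throw new Error("not enough parameters for template");
    return escapeLiteral(params[i++]);
  });
  if (i !== params.length) throw new Error("too many parameters for template");
  return rendered;
}

// Constructed sample input: a password field carrying a quote-breaking payload.
const payload = "' OR '1'='1";

// With concatenation the password clause is rewritten into an always-true OR;
// with binding the same text is just a (very odd) password string.
const unsafe = unsafeLoginQuery("alice", payload);
const safe = safeLoginQuery("alice", payload);
console.log("concatenated:", unsafe);
console.log("bound       :", bind(safe.sql, safe.params));
```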