I need to know about preventing SQL injection in the Node.js Sequelize ORM

Time: 09-26

I am a beginner with the Node.js Sequelize ORM. I want to know how to prevent SQL injection in the Node.js Sequelize ORM.

Example:

I have a route like http://localhost:3000/admin/video/edit/5 and the controller looks like this:

    albumEdit: async (req, res) => {
        // route parameter from /admin/video/edit/:id
        const editInfoId = req.params.id;
        const movie = await Movie.findOne({ where: { id: editInfoId } });
        if (movie) {
            res.render('admin/movies/edit', { title: 'Edit Movie On Page One', movie });
        }
    },

Now I need to know how to protect the DB from SQL injection.

CodePudding user response:

By writing { where: { id: editInfoId } } you have already avoided SQL injection, because Sequelize treats the id value as a static string and passes it as a parameter to the underlying SQL query.

Using the where option without any SQL-query pieces concatenated from strings (some of which may come from a non-trusted source) is a good start towards avoiding SQL injection.

Try to use only simple object-like conditions (as you did above), or combinations of operators from Sequelize.Op.
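The contrast the answer draws, as an added example that is not part of the original question or answer: the route id is validated first, then reaches the database either through the model API (`Movie.findOne({ where })`) or through `sequelize.query` with `replacements`, and the string-concatenation form is shown only so the difference is visible. The `Movie` model and `sequelize` instance are passed in as arguments, so the same functions run against a real Sequelize setup or against the constructed stubs at the bottom; the table name `movies` and the stub data are assumptions of this example.

```javascript
// Added example (not from the original page). Shows untrusted route input
// reaching the database the unsafe way (interpolated into SQL text) and the
// safe way (passed as a parameter), in the style of the answer above.

// Validate the route parameter before it reaches any query: accept only a
// plain positive integer. Returns null for anything else (controller answers 400).
function parseMovieId(raw) {
  if (typeof raw !== 'string' || !/^[1-9]\d*$/.test(raw)) return null;
  return Number(raw);
}

// UNSAFE: the value becomes part of the SQL text, so an input such as
// "5 OR 1=1" changes the meaning of the statement. Kept only for contrast.
function findMovieUnsafe(sequelize, rawId) {
  const sql = 'SELECT * FROM movies WHERE id = ' + rawId;
  return sequelize.query(sql, { type: 'SELECT' });
}

// SAFE (model API): Sequelize compiles { where: { id } } into "WHERE id = ?"
// and sends the value separately, which is what the answer describes.
function findMovie(Movie, id) {
  return Movie.findOne({ where: { id } });
}

// SAFE (raw SQL): when SQL must be written by hand, keep the statement
// constant and hand the value over via `replacements` (":id") or `bind` ("$id").
// The SQL text never contains the user's input. 'SELECT' equals QueryTypes.SELECT.
function findMovieRaw(sequelize, id) {
  const sql = 'SELECT * FROM movies WHERE id = :id';
  return sequelize.query(sql, { replacements: { id }, type: 'SELECT' });
}

// Hardened version of the question's controller: validate, then query by object.
async function albumEdit(Movie, req, res) {
  const id = parseMovieId(req.params.id);
  if (id === null) return res.status(400).send('invalid movie id');
  const movie = await findMovie(Movie, id);
  if (!movie) return res.status(404).send('not found');
  return res.render('admin/movies/edit', { title: 'Edit Movie On Page One', movie });
}

// --- Offline demo with constructed stubs (no database needed) ---------------
// Each stub records the arguments it receives so the difference is observable.
function makeStubs() {
  const calls = [];
  const sequelize = {
    query: async (sql, opts) => { calls.push({ sql, opts }); return []; },
  };
  const Movie = {
    findOne: async (opts) => {
      calls.push({ findOne: opts });
      return opts.where.id === 5 ? { id: 5, title: 'Demo' } : null; // constructed row
    },
  };
  return { calls, sequelize, Movie };
}

async function demo() {
  const { calls, sequelize, Movie } = makeStubs();
  await findMovieUnsafe(sequelize, '5 OR 1=1'); // SQL text now ends in "OR 1=1"
  await findMovieRaw(sequelize, '5 OR 1=1');    // SQL text unchanged, value in replacements
  await findMovie(Movie, 5);                    // where object, no SQL text at all
  return calls;
}
```

Run `demo()` and inspect the recorded calls: only the unsafe variant has the input inside `sql`. Operators from `Sequelize.Op` (for example `{ year: { [Op.gte]: 2000 } }`) go into the same `where` object and are parameterized the same way as the plain `{ id }` form.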
