How do I prevent SQL injection in this function? I am using pg-promise

This page summarizes the projects mentioned and recommended in the original post on /r/node

  • pg-promise

    PostgreSQL interface for Node.js

    I've never used pg-promise, but its readme has a section on Query Formatting that looks like what you need. It seems similar to Postgres parameterized queries -- you provide your queries with some special syntax that tells the library which parts of the SQL string should be replaced with your variables. It will then take care of protecting you from SQL injection.

  • node-sql-template-strings

    ES6 tagged template strings for prepared SQL statements 📋

    sql-template-strings is a really simple and elegant solution for parameterized queries.
