-
I've never used pg-promise, but its readme has a section on Query Formatting that looks like what you need. It seems similar to Postgres parameterized queries -- you provide your queries with some special syntax that tells the library which parts of the SQL string should be replaced with your variables. It will then take care of protecting you from SQL injection.
-
sql-template-strings is a really simple and elegant solution for parameterized queries.
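The mechanism both comments above describe, as an added example that is not code from either post or from pg-promise or sql-template-strings: a tagged template that turns each interpolation into a numbered placeholder and carries the value separately, next to the string-concatenation form it replaces. The names `sqlTag` and `unsafeConcat`, the `users` table and the sample input are assumptions made for illustration.

```javascript
// Added illustration only. `sqlTag` and `unsafeConcat` are hypothetical helpers,
// not the API of any library named on this page.

// Tagged template: every ${...} becomes a numbered placeholder ($1, $2, ...)
// and the interpolated value goes into a separate array, never into the SQL text.
function sqlTag(strings, ...values) {
  let text = strings[0];
  for (let i = 0; i < values.length; i++) {
    text += '$' + (i + 1) + strings[i + 1];
  }
  // { text, values } is the query-config shape node-postgres accepts in client.query().
  return { text, values };
}

// The 'before': user input concatenated straight into the statement,
// so a quote in the input changes the structure of the query.
function unsafeConcat(name) {
  return "SELECT id FROM users WHERE name = '" + name + "'";
}

// Constructed sample input containing a quote and extra SQL.
const hostile = "x' OR '1'='1";

function demo() {
  const limit = 10;
  const safe = sqlTag`SELECT id FROM users WHERE name = ${hostile} LIMIT ${limit}`;
  return { safe, unsafe: unsafeConcat(hostile) };
}

const result = demo();
console.log('parameterized text  :', result.safe.text);
console.log('parameterized values:', JSON.stringify(result.safe.values));
console.log('concatenated        :', result.unsafe);
```

Placeholders only stand in for values; table and column names cannot be bound this way and need an allow-list instead.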