node-odbc

How does odbc handle sql injection

Open ranjithchev opened this issue 7 years ago • 2 comments

Hi

I'm using odbc to connect to SQL Server from Linux in my Node application. I know that the mssql module has built-in SQL injection protection when we parameterize the queries. How does it work with the odbc module?

Thanks Ranjith

ranjithchev, Jul 17 '18 21:07

Using parameters and question marks will use ODBC's internal handling of parameter replacement in SQL queries.

Example:

db.querySync('select * from users where user_id = ?', [1234]);

https://github.com/wankdanker/node-odbc#querysqlquery--bindingparameters-callback

Hope this helps.

wankdanker, Jul 26 '18 12:07
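An added example, not part of the thread or of node-odbc's own code: it contrasts string concatenation with the `?` binding shown in the answer above, and goes one step further to the two cases a single `?` does not cover, a variable-length `IN` list and a caller-chosen sort column. The `users` columns, the helper names and the recording stand-in for an opened connection are assumptions made so the block runs without a driver; only `querySync(sql, params)` comes from the thread.

```javascript
'use strict';

// Columns a caller may sort by (assumed schema). Identifiers cannot be
// bound as ODBC parameters, so they are checked against a fixed allow-list.
const SORTABLE = new Set(['user_id', 'name', 'created_at']);

// Unsafe "before": the value is spliced into the SQL text itself.
function unsafeQuery(db, userId) {
  return db.querySync("select * from users where user_id = '" + userId + "'");
}

// Safe: one "?" marker per value; the values travel only in the array.
function findUsers(db, userIds, sortBy = 'user_id') {
  if (!Array.isArray(userIds) || userIds.length === 0) {
    throw new TypeError('userIds must be a non-empty array');
  }
  if (!SORTABLE.has(sortBy)) {
    throw new RangeError('unsupported sort column');
  }
  const markers = userIds.map(() => '?').join(', ');
  const sql = `select * from users where user_id in (${markers}) order by ${sortBy}`;
  return db.querySync(sql, userIds);
}

// Constructed stand-in for an opened connection: it records what it
// receives instead of talking to a database.
function recordingDb() {
  const calls = [];
  return {
    calls,
    querySync(sql, params = []) { calls.push({ sql, params }); return []; },
  };
}

function demo() {
  const hostile = "1' or '1'='1"; // constructed sample input
  const db = recordingDb();
  unsafeQuery(db, hostile);               // input ends up inside the SQL text
  findUsers(db, [1234, hostile], 'name'); // SQL text stays fixed, input is data
  return db.calls;
}

console.log(demo());
```

With a real connection in place of `recordingDb()`, the second call sends the same statement text no matter what the values contain, which is the property that keeps input from being parsed as SQL.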

Thank you very much. This helps.

ranjithchev, Aug 08 '18 17:08