

Discussion on: An enterprise-style Node.js REST API setup with Docker Compose, Express and Postgres

António Avelar

Hi Hugo,
the way you specified your queries (with template strings), doesn't it make you vulnerable to DB attacks like SQL injection?

I also noticed that in order to specify the query with template strings you used an external lib. That lib just translates the template string into a prepared statement, right?

Hugo Di Francesco Author

Yes it does, ergonomics of templates with prepared statements.
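
The translation discussed in this exchange, as an added example that is not part of the original thread and is not the article's library: a tagged template function receives the literal SQL fragments and the interpolated values separately, so it can emit numbered placeholders and a values array (the `{ text, values }` shape node-postgres accepts) instead of concatenating. The `sql` tag, the `users` table and the input string are assumptions made for illustration.

```javascript
// Hypothetical minimal tag, written for this example only.
function sql(strings, ...values) {
  // `strings` are the literal parts typed by the developer; `values` are the
  // interpolated expressions. Values are never concatenated into the SQL text.
  let text = strings[0];
  for (let i = 0; i < values.length; i++) {
    text += `$${i + 1}` + strings[i + 1]; // $1, $2, ... placeholders
  }
  return { text, values };
}

// Constructed hostile input.
const userInput = "x'; DROP TABLE users; --";

// Plain template string: the input becomes part of the SQL text itself.
function unsafeQuery(email) {
  return `SELECT id FROM users WHERE email = '${email}'`;
}

// Tagged template: same ergonomics, but the input travels as a bound parameter.
function safeQuery(email) {
  return sql`SELECT id FROM users WHERE email = ${email}`;
}

console.log(unsafeQuery(userInput));
console.log(safeQuery(userInput));
```

The protection comes from the tag, not from the backticks: the same template without the `sql` prefix is ordinary string interpolation.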