DEV Community

loading...

Discussion on: An enterprise-style Node.js REST API setup with Docker Compose, Express and Postgres

Collapse
antonioavelar profile image
António Avelar

Hi Hugo,
the way you specified your queries (with template strings), doesn't make your vulnerable to db attacks like SQL Injection?

I also noticed that in order to specify the querie with template strings you used an external lib. That lib just translates the template string into a prepared statement, right?

Collapse
hugo__df profile image
Hugo Di Francesco Author

Yes it does, ergonomics of templates with prepared statements.