How to Prevent SQL Injection Attacks in Node.js

  • Published on 22 Dec 2024

Comments • 10

  • @marcionitao3029 2 years ago +2

    Hey man, you are amazing, thanks for the excellent explanation, everything seems to be so easy. What theme are you using?

  • @toshitsingh7270 2 years ago

    Thanks for this detailed video, appreciate it 👍

  • @deepeshpakhare 21 days ago

    I use Mongoose ORM to interact with MongoDB database. Is it enough to make my app immune to NoSQL Injection?

  • @shadmanfatin777 1 year ago +1

    Sir, I have a question. Can you please answer? Here you have talked about 3 techniques to prevent sql injections. But if we use only the placeholders using the '?' sign, then do we need to apply the other 2 techniques? Isn't using placeholders enough to prevent sql injections?

    • @j1000a 5 months ago

      Using a placeholder merely ensures that the input is treated as a string and not extra SQL. But you're still giving the user way too much control. What if the input is treated as a username?
      SELECT * FROM USER WHERE USERNAME = 'JOHNDOE'
      could easily be changed to
      SELECT * FROM USER WHERE USERNAME = 'JANEROE'
      or even
      SELECT * FROM USER WHERE USERNAME = 'ADMINISTRATOR'
      So a placeholder might be sufficient in some cases, but it heavily depends on your situation.
      Using it in combination with his other techniques makes for a better checklist of things one should always do.

    • @shadmanfatin777 4 months ago

      @j1000a didn't understand your example. Using placeholders seems 100% secure.

    • @habibosaye months ago

      @shadmanfatin777 Godspeed to yourself/your employer 💀

    • @shadmanfatin777 months ago

      @habibosaye wdym?

  • @karthikeyasoft 1 year ago

    If we use ?, at that time we need to use only one param, right? If we need to check more than one, will it execute or what?
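
Added example (not from the video or from any commenter): a sketch of the two points raised in this thread, that several `?` placeholders are bound in order from one array, and that a placeholder stops injection but not a user asking for someone else's row. The `db` object is a constructed in-memory stand-in for a driver's `query(sql, params)`; the table, session and function names are assumptions.

```javascript
// Constructed sample table (not from the video).
const USERS = [
  { id: 1, username: 'JOHNDOE', email: 'john@example.test' },
  { id: 2, username: 'JANEROE', email: 'jane@example.test' },
  { id: 3, username: 'ADMINISTRATOR', email: 'root@example.test' },
];

// Hypothetical stand-in for a driver's query(sql, params): it only understands
// "WHERE col = ? [AND col = ?] ..." and binds params to the ? marks in order.
const db = {
  query(sql, params) {
    const cols = [...sql.matchAll(/(\w+)\s*=\s*\?/g)].map((m) => m[1]);
    if (cols.length !== params.length) {
      throw new Error(`expected ${cols.length} params, got ${params.length}`);
    }
    // Each bound value is compared as data; it is never parsed as SQL.
    return USERS.filter((row) => cols.every((c, i) => row[c] === params[i]));
  },
};

// One placeholder: safe from injection, but the caller can name any user.
function findByUsername(requested) {
  return db.query('SELECT * FROM users WHERE username = ?', [requested]);
}

// Two placeholders: the second value comes from the server-side session,
// so a request only ever returns the row that belongs to the logged-in user.
function findOwnProfile(session, requested) {
  return db.query(
    'SELECT * FROM users WHERE username = ? AND id = ?',
    [requested, session.userId],
  );
}

const session = { userId: 1 }; // constructed: JOHNDOE is logged in
console.log(findByUsername("' OR '1'='1").length);            // 0: treated as a literal name
console.log(findByUsername('ADMINISTRATOR').length);          // 1: no injection, still readable
console.log(findOwnProfile(session, 'ADMINISTRATOR').length); // 0: not the caller's row
console.log(findOwnProfile(session, 'JOHNDOE').length);       // 1: the caller's own row
```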

  • @jorgedavalos5663 2 years ago

    Where's the linked video?