SQL


Tips about SQL

SQL Injection

DO NOT pass user input directly into an SQL query as a parameter, as this can open you up to SQL injection.

For example, if a user sends id=1; SELECT 1=1; and you pass this into your SQL query directly, this can open up your entire DB for the user to see. Or the user might send id=1; DROP TABLE 'users'

So always sanitize user inputs.

Node Mysql

You can pass query params into a nunjucks template, as done here:

Keep in mind that node-mysql flattens arrays, so you can pass in nested arrays as well.
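
The following is an added example, not code from the original post: it puts the string-concatenation pattern warned about under SQL Injection beside a validated, placeholder-based query in the { sql, values } shape that node-mysql's connection.query accepts. The function names, the users table and the sample inputs are assumptions made for illustration.

```javascript
// Added example; buildUnsafe, parseId, buildSafe and review are hypothetical names.

// VULNERABLE (the pattern the post warns about): input becomes part of the SQL text.
function buildUnsafe(rawId) {
  return 'SELECT * FROM users WHERE id = ' + rawId;
}

// Allow-list validation: accept only a positive decimal integer, nothing else.
function parseId(rawId) {
  if (typeof rawId !== 'string' || !/^[1-9][0-9]{0,8}$/.test(rawId)) {
    throw new TypeError('id must be a positive integer');
  }
  return Number(rawId);
}

// HARDENED: the SQL text is a constant; the value travels separately and is
// escaped by the driver when it fills the `?` placeholder.
function buildSafe(rawId) {
  return { sql: 'SELECT * FROM users WHERE id = ?', values: [parseId(rawId)] };
}

// Constructed sample inputs: one legitimate id plus the two strings from the post.
const samples = ['1', '1; SELECT 1=1;', "1; DROP TABLE 'users'"];

// For each input, report what each builder would hand to the database.
function review(inputs) {
  return inputs.map((raw) => {
    let safe;
    try {
      safe = buildSafe(raw);
    } catch (err) {
      safe = { rejected: err.message };
    }
    return { raw, unsafeSql: buildUnsafe(raw), safe };
  });
}

console.log(JSON.stringify(review(samples), null, 2));
// With node-mysql: connection.query(buildSafe(userInput), callback);
```

In the output, the concatenated SQL text changes with the input, while the placeholder form either keeps the same SQL text with a numeric value or rejects the input before any query is built.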

Data Types

  • Use decimals for financial/precise data; floats are not appropriate as they won't store precise data.

    Usage: DECIMAL(6,2), where you can use 6 total digits, with 2 decimal places of precision, i.e. a range from 9999.99 to -9999.99.