Tips about SQL #

SQL Injection #

DO NOT pass in parameters to an SQL query directly from user inputs as this can open you up to SQL injections.

For eg, if a user sends id=1; SELECT 1=1; and you pass this into your SQL query directly, this can open up your entire DB for the user to see, or maybe the user sends id=1; DROP TABLE 'users'

So always sanitize the user inputs;

Node Mysql #

You can pass in query params into a nunjucks template like done here:

Keep in mind, node-mysql flattens the arrays so you can pass in nested arrays as well.

Data Types #