SQL
Tips about SQL #
SQL Injection #
Never build an SQL query by concatenating raw user input into the query string; that is what opens you up to SQL injection.
For example, if the query is built as 'SELECT * FROM users WHERE id = ' + id and the user sends id=1 OR 1=1, the WHERE clause is always true and the whole table is returned. If the user sends id=1; DROP TABLE users and the driver accepts multiple statements, the second statement is executed as well.
So always pass user input as query parameters (placeholders / prepared statements) so the driver escapes it as a value, and validate the type of each input (e.g. that id really is an integer) before it reaches the query. Hand-rolled "sanitizing" of the string is not a substitute for this.
Node Mysql #
Pass query values to node-mysql separately from the query text: put ? placeholders in the SQL string and hand the values over as an array (connection.query(sql, values)), and the driver escapes each value for you.
Keep in mind, node-mysql flattens arrays: a plain array value becomes a comma-separated list (useful for IN (?)), and a nested array becomes a grouped list of tuples, e.g. [[1, 'a'], [2, 'b']] turns into (1, 'a'), (2, 'b'), which is what a bulk INSERT ... VALUES ? needs.
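The two points above (why concatenation is dangerous, and how node-mysql renders scalars, arrays and nested arrays) demonstrated in one runnable script. This is an added example, not code from the original notes or from the mysql package: escapeValue and format are a simplified stand-in that follows node-mysql's documented placeholder and escaping rules so it runs offline; the users table, the query helpers and the hostile inputs are constructed for the demo. In real code you call connection.query(sql, values) and never implement escaping yourself.

```javascript
// Added example, not from the original notes or the mysql package.
// escapeValue/format mimic node-mysql's documented SqlString rules so the
// behaviour can be shown without a database connection.

function escapeValue(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number') return String(value);
  if (typeof value === 'boolean') return value ? 'true' : 'false';
  if (Array.isArray(value)) {
    // [1, 2] -> 1, 2      [[1, 'a'], [2, 'b']] -> (1, 'a'), (2, 'b')
    return value
      .map((v) => (Array.isArray(v) ? '(' + escapeValue(v) + ')' : escapeValue(v)))
      .join(', ');
  }
  // Strings: quote them and backslash-escape the characters MySQL treats specially.
  const escaped = String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, (ch) => {
    switch (ch) {
      case '\0': return '\\0';
      case '\b': return '\\b';
      case '\t': return '\\t';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\x1a': return '\\Z';
      default: return '\\' + ch; // " ' and the backslash itself
    }
  });
  return "'" + escaped + "'";
}

// Replace each ? with the next value, escaped, left to right.
// (node-mysql also supports ?? for identifiers; omitted here.)
function format(sql, values) {
  let i = 0;
  return sql.replace(/\?/g, () => {
    if (i >= values.length) throw new Error('fewer values than placeholders');
    return escapeValue(values[i++]);
  });
}

// Injection-prone: the input becomes part of the SQL grammar.
function unsafeUserById(id) {
  return 'SELECT * FROM users WHERE id = ' + id;
}

// Parameterised: the input is rendered as one quoted literal, so
// "1 OR 1=1" is compared as a value (MySQL casts it to the number 1),
// never executed as a condition.
function safeUserById(id) {
  return format('SELECT * FROM users WHERE id = ?', [id]);
}

// A plain array is flattened into a list for IN (...).
function safeUsersIn(ids) {
  return format('SELECT * FROM users WHERE id IN (?)', [ids]);
}

// A nested array is flattened into grouped tuples for a bulk INSERT.
function bulkInsertUsers(rows) {
  return format('INSERT INTO users (id, name) VALUES ?', [rows]);
}

// Constructed hostile inputs for the demo.
const hostile = '1 OR 1=1';
const stacked = '1; DROP TABLE users';
console.log(unsafeUserById(hostile)); // the OR is now part of the query
console.log(safeUserById(hostile));   // the whole string is one literal
console.log(safeUserById(stacked));   // likewise, no second statement
console.log(safeUsersIn([1, 2, 3]));
console.log(bulkInsertUsers([[1, "O'Brien"], [2, 'bob']]));
```

Note that the quoting alone is what defuses the payloads; the driver does the same thing for every value you pass in the array, and it refuses stacked statements unless you opt in with multipleStatements: true on the connection.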
Data Types #
Use DECIMAL for financial or otherwise precise data. FLOAT and DOUBLE are binary floating point and cannot represent most decimal fractions exactly, so sums of money drift.
Usage:
DECIMAL(6,2)
, where the first number is the precision (6 total digits) and the second is the scale (2 of those digits after the decimal point). That leaves 4 integer digits, i.e. a range of -9999.99 to 9999.99; values outside that range are rejected in strict mode (clipped to the limit with a warning otherwise).