SQL

Tips about SQL #

SQL Injection #

DO NOT pass in parameters to an SQL query directly from user inputs as this can open you up to SQL injections.

For eg, if a user sends id=1; SELECT 1=1; and you pass this into your SQL query directly, this can open up your entire DB for the user to see, or maybe the user sends id=1; DROP TABLE 'users'

So always sanitize the user inputs;

Node Mysql #

You can pass in query params into a nunjucks template like done here:

Keep in mind, node-mysql flattens the arrays so you can pass in nested arrays as well.

Data Types #

• Use decimals for financial/precise data, floats are not appropriate as they won't store precise data.

  Usage: DECIMAL(6,2) , where you can use 6 total digits, with 2 decimal places of precision. i.e from range 9999.99 to -9999.99.

• Next: The Pragmatic Programmer - Andrew Hunt and Dave Thomas
• Previous: Interview Tips and tricks