neondatabase / serverless

Connect to Neon PostgreSQL from serverless/worker/edge functions
https://www.npmjs.com/package/@neondatabase/serverless
MIT License
318 stars 11 forks

What is the correct way to avoid sql injections for client and pool queries? #52

Closed DrevaSergii closed 7 months ago

DrevaSergii commented 7 months ago

Documentation says that I can avoid SQL injections by calling `sql` as the tag function. I couldn't find any information on how to avoid SQL injections for Client and Pool queries. Could you recommend some solution? For example, squid/pg exports an `sql` method directly from the library, and pg provides utilities to avoid SQL injections.

jawj commented 7 months ago

For Client and Pool it's exactly the same deal as for node-postgres: parameterized queries using $1, $2, etc.

See documentation here: https://node-postgres.com/features/queries#parameterized-query
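The parameterized form the maintainer refers to, as an added example that is not part of the original issue or the @neondatabase/serverless project's code. It assumes the Pool/Client `query(text, values)` signature is the same as node-postgres (which the answer above states); the database client is injected so the file runs offline, and `makeRecordingPool` is a constructed stand-in for a real `Pool`. The string-concatenated query is shown only for contrast with the `$1` placeholder version.

```javascript
// Added example, not the neondatabase/serverless project's own code.
// Assumption: Pool/Client expose query(text, values) exactly like node-postgres.
// In real use, replace makeRecordingPool(...) with
//   new Pool({ connectionString: process.env.DATABASE_URL })
// imported from '@neondatabase/serverless'.

// Constructed input: an attacker-controlled "email" containing a quote and a tautology.
const HOSTILE_EMAIL = "x' OR '1'='1";

// Vulnerable form (for contrast only): the raw input is spliced into the SQL text,
// so the quote in HOSTILE_EMAIL changes the structure of the statement.
function buildUnsafeQuery(email) {
  return { text: `SELECT id, email FROM users WHERE email = '${email}'`, values: [] };
}

// Safe form: the SQL text contains only a $1 placeholder. The value is sent to the
// server separately as a bound parameter and is never parsed as SQL.
function buildSafeQuery(email) {
  return { text: 'SELECT id, email FROM users WHERE email = $1', values: [email] };
}

// Several parameters: placeholders are numbered $1, $2, ... and map by position
// onto the `values` array.
function buildInsertQuery(email, displayName) {
  return {
    text: 'INSERT INTO users (email, display_name) VALUES ($1, $2) RETURNING id',
    values: [email, displayName],
  };
}

// Runs the safe query through anything with a node-postgres-style query(text, values):
// a Pool, a Client, or the offline stand-in below.
async function findUserByEmail(pool, email) {
  const { text, values } = buildSafeQuery(email);
  const result = await pool.query(text, values);
  return result.rows;
}

// Offline stand-in for Pool/Client (constructed for this example). It records every
// call and, like a real parameterized query, returns rows only on an exact match of
// the bound value, so the hostile input cannot widen the WHERE clause.
function makeRecordingPool(rowsByEmail) {
  const calls = [];
  return {
    calls,
    async query(text, values = []) {
      calls.push({ text, values });
      return { rows: rowsByEmail[values[0]] || [] };
    },
  };
}

// Review check: does user-supplied input appear verbatim inside the SQL text?
// For a correctly parameterized query the answer is always false.
function inputLeaksIntoSql(query, input) {
  return query.text.includes(input);
}

async function main() {
  const pool = makeRecordingPool({
    'alice@example.com': [{ id: 1, email: 'alice@example.com' }],
  });
  console.log('unsafe leaks input:', inputLeaksIntoSql(buildUnsafeQuery(HOSTILE_EMAIL), HOSTILE_EMAIL));
  console.log('safe leaks input:  ', inputLeaksIntoSql(buildSafeQuery(HOSTILE_EMAIL), HOSTILE_EMAIL));
  console.log('hostile lookup ->  ', await findUserByEmail(pool, HOSTILE_EMAIL));
  console.log('normal lookup  ->  ', await findUserByEmail(pool, 'alice@example.com'));
  console.log('recorded calls:    ', pool.calls);
}

main();
```

The same `$1`, `$2` convention applies whether you call `pool.query(...)`, `client.query(...)`, or pass a `{ text, values }` object; the tagged `sql` template mentioned in the question builds exactly this kind of text-plus-values pair for you.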