rodhoward / node-sybase

23 stars 55 forks

Escaping #7

Closed rafriki closed 7 years ago

rafriki commented 7 years ago

Hey,

To what extent does the lib escape the queries? Is there any documentation on how it protects against SQL Injection et al?

rodhoward commented 7 years ago

Hi Rafriki,

This library doesn't protect against SQL injection in any way. The query function simply takes an SQL string as the argument. You would have to wrap calls to the library with a function of your own that escapes all the arguments and generates the SQL string.

I created this library because I found installing some of the other Node.js libraries difficult on some of our legacy machines. It is not designed for production but rather for in-house tools that don't need security or performance.

Cheers Rod
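
One way to write the kind of wrapper described in the comment above, added here as an example and not code from node-sybase or its author. `buildQuery` and `toSqlLiteral` are hypothetical names, and the code assumes a server on which doubling the single quote is the only escape needed inside a string literal; the resulting string is what would be passed to the library's query function.

```javascript
'use strict';

// Format one JavaScript value as a SQL literal (hypothetical helper).
function toSqlLiteral(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'boolean') return value ? '1' : '0';
  if (typeof value === 'number') {
    if (!Number.isFinite(value)) throw new TypeError('non-finite number');
    // Parenthesise negatives so "x -?" can never turn into a "--" comment.
    return value < 0 ? '(' + String(value) + ')' : String(value);
  }
  if (typeof value === 'string') {
    // Assumption: '' is the only escape inside a single-quoted literal.
    // Backslash and NUL are rejected because servers differ in how they treat them.
    if (/[\\\0]/.test(value)) throw new TypeError('unsupported character in string');
    return "'" + value.replace(/'/g, "''") + "'";
  }
  // Objects, arrays, functions etc. are refused rather than stringified.
  throw new TypeError('unsupported parameter type: ' + typeof value);
}

// Replace each "?" in the template with the literal for the matching parameter.
function buildQuery(template, params = []) {
  // The template is developer-written SQL only; every literal must arrive
  // through params, so a quote here means someone concatenated input.
  if (/['"]/.test(template)) {
    throw new Error('template must not contain quotes; pass literals as parameters');
  }
  const parts = template.split('?');
  if (parts.length - 1 !== params.length) {
    throw new Error('placeholder/parameter count mismatch');
  }
  // parts[0] seeds the accumulator; part i is preceded by parameter i - 1.
  return parts.reduce((sql, part, i) => sql + toSqlLiteral(params[i - 1]) + part);
}

// Constructed sample input: a name containing a quote and an injection attempt.
const sampleSql = buildQuery(
  'select id from users where name = ? or nick = ? and age > ?',
  ["O'Brien", "x' or '1'='1", 30]
);
console.log(sampleSql);
```

Only values are handled here; table and column names cannot be passed as parameters and should come from a fixed allow-list in the calling code.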

rafriki commented 7 years ago

Cheers :)