node-mssql-sqli
mssql
JS SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use parameterized statements like so: $REQ.input('USER_ID', mssql.Int, id);
node-postgres-sqli
client.query('SELECT $1 from table', [userinput])
node-mysql-sqli
$IMPORT
SQL statement that comes from a function argument. This could lead to SQL injection if the variable is user-controlled and is not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements.
node-knex-sqli
$REQ
object. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, it is recommended to use parameterized queries or prepared statements. A parameterized query such as knex.raw('SELECT ? from table', [userinput]) can help prevent SQLi.