Sanitizing input in Express using express-validator

In the world of running a public-facing server, it’s crucial to never trust the input you receive. Even if you have implemented client-side code to sanitize and block malformed input, there are still ways for people to manipulate and exploit your server, so the sanitization has to happen on the server as well. Luckily, the express-validator package that you already use for input validation can also be used for sanitization. Let’s say you have a POST endpoint that accepts parameters like name, email, and age:...

SQL Injection: Protecting Your Application from Attacks

SQL injection poses a significant threat to database-driven applications that rely on SQL queries. The vulnerability lies in the lack of input sanitization, which allows attackers to manipulate the queries’ behavior. Let’s take a look at a simple Node.js example to understand how SQL injection can occur:

    const color = // coming from user input
    const query = `SELECT * FROM cars WHERE color = '${color}'`

In this case, if the value of color is a legitimate color like “red” or “blue”, the query works as intended....