Question
Which of the following is the correct way to use parameterized queries in Node.js to prevent SQL injection?
connection.query('SELECT * FROM users WHERE id = ?', [userId], function (err, results) {...});
connection.query('SELECT * FROM users WHERE id = ' + userId, function (err, results) {...});
connection.query('SELECT * FROM users WHERE id = %d', userId, function (err, results) {...});
connection.query('SELECT * FROM users WHERE id IS ?', userId, function (err, results) {...});
Solution 1
The correct way to use parameterized queries in Node.js to prevent SQL injection is:
connection.query('SELECT * FROM users WHERE id = ?', [userId], function (err, results) {...});
This method uses placeholders ('?') for parameters in SQL queries and then provides an array of values as the second argument to the query function. This ensures that the values are properly escaped, thus preventing SQL injection attacks. The other methods provided in the question are not safe as they do not properly escape the input, leaving the application vulnerable to SQL injection.
Solution 2
The correct way to use parameterized queries in Node.js to prevent SQL injection is:
connection.query('SELECT * FROM users WHERE id = ?', [userId], function (err, results) {...});
This method uses placeholders ('?') for parameters in SQL queries and then provides an array of values in the same order as the placeholders. This ensures that the values are properly escaped, preventing SQL injection attacks.
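The difference between the placeholder form and the concatenated form from the question, as an added example that is not part of either solution and is not the mysql package's code. The functions `escapeValue`, `bind`, `concat` and `isSingleComparison` are hypothetical, the binding is a simplified model that handles only numbers and strings, and the sample inputs are constructed.

```javascript
// Simplified stand-in for client-side placeholder binding (an assumption for
// illustration, not the mysql package's implementation).
function escapeValue(value) {
  if (typeof value === 'number' && Number.isFinite(value)) return String(value);
  if (typeof value !== 'string') throw new TypeError('unsupported parameter type');
  // Backslash-escape every character that could end or alter a string literal.
  const escaped = value.replace(/[\0\n\r\x1a\\'"]/g, (ch) => ({
    '\0': '\\0', '\n': '\\n', '\r': '\\r', '\x1a': '\\Z',
  }[ch] || '\\' + ch));
  return "'" + escaped + "'";
}

// Replace each ? in order with the escaped value at the same array position.
function bind(sql, values) {
  let i = 0;
  const out = sql.replace(/\?/g, () => {
    if (i >= values.length) throw new RangeError('more placeholders than values');
    return escapeValue(values[i++]);
  });
  if (i !== values.length) throw new RangeError('more values than placeholders');
  return out;
}

// Second option from the question: the value is pasted into the SQL text.
function concat(userId) {
  return 'SELECT * FROM users WHERE id = ' + userId;
}

// True when the WHERE clause is exactly one comparison against one literal,
// i.e. the input did not change the structure of the statement.
function isSingleComparison(sql) {
  return /^SELECT \* FROM users WHERE id = (\d+|'(?:[^'\\]|\\.)*')$/.test(sql);
}

// Constructed sample inputs, as strings arriving from a request.
const samples = ['42', "O'Brien", '7 OR 1=1'];
for (const userId of samples) {
  const pasted = concat(userId);
  const bound = bind('SELECT * FROM users WHERE id = ?', [userId]);
  console.log('concat:', pasted, '| single comparison:', isSingleComparison(pasted));
  console.log('bound: ', bound, '| single comparison:', isSingleComparison(bound));
}
```

Only the bound form stays a single comparison for every sample; the concatenated form does so only when the input happens to be a bare number.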
Similar Questions
Which of the following is a correct way to handle errors when executing a query in Node.js?
connection.query(sql, function(err, results) { if (err) throw err; });
connection.query(sql, function(error, results) { if (error) throw error; });
connection.query(sql, function(err, results) { if (err) return; });
connection.query(sql, function(error, results) { if (error) return; });

What method is used to execute a SQL query in Node.js using the MySQL package?
connection.run()
connection.execute()
connection.query()
connection.command()

Which of the following is used to interact with MySQL in Node.js? (1 Point)
mysql
sequelize
knex
all of the above

Which of the following do NOT protect against SQL injection attacks?
A ) Linq to SQL queries that use Table<T> IQueryable methods.
B ) None of these answers are correct
C ) EF Core FromSqlInterpolated statements with parameters directly in the interpolated string.
D ) Sanitizing untrusted user inputs
E ) ADO.Net SqlExecute statements that use strongly-typed parameter

What would you implement to avoid SQL Injection?
Prepared statements or parameterized queries, input validation
Effective error handling
Stop using a database
Proper access control