Gist jearl4/f89b520ec410781cfc0747d261b72d60
Last active May 25, 2019 04:01
Using prepared statements to protect against SQLI
const sql = require('mssql') // assumed: the gist's `sql` is the mssql package, with sql.connect() already done
async function authenticate(req, res, next) {
  const username = req.query.username,
        password = req.query.password
  // The statement text holds only named placeholders; user input never becomes part of the SQL
  const sqlQuery = 'select * from users where (username = @username and password = @password)'
  const preparedStatement = new sql.PreparedStatement()
  preparedStatement.input('username', sql.VarChar(50))
  preparedStatement.input('password', sql.VarChar(50))
  try {
    await preparedStatement.prepare(sqlQuery)
    // Values travel as typed parameters, separately from the prepared statement text
    const result = await preparedStatement.execute({ username: username, password: password })
    await preparedStatement.unprepare()
    if (result.recordset.length == 1) {
      req.loggedIn = true
      //successful log in (note: matching a plaintext password in SQL is for illustration only)
    } else {
      //authentication failed
    }
    next()
  } catch (err) {
    next(err)
  }
}
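As an added illustration (not code from the gist), the stand-alone JavaScript below contrasts splicing input into the statement text with the parameter binding the gist relies on. It needs no database, uses constructed inputs, and its typed-input check is a simplified stand-in for mssql's `input()` declarations, not the library's own behaviour.

```javascript
// Added example (not from the gist): why parameter binding resists injection.
// Inputs are constructed; no database is required to see the difference.

// Vulnerable pattern: user input is spliced into the statement text itself, so any
// character with SQL meaning inside the input changes the statement the server parses.
function buildConcatenatedQuery(username, password) {
  return "select * from users where (username = '" + username +
         "' and password = '" + password + "')";
}

// Parameterized pattern, mirroring the gist's PreparedStatement: the statement text
// is fixed and values travel separately as declared, typed parameters. The declared
// types here are a simplified stand-in for sql.VarChar(50), not mssql's own checks.
function buildParameterizedQuery(username, password) {
  const text = 'select * from users where (username = @username and password = @password)';
  const declared = { username: { maxLength: 50 }, password: { maxLength: 50 } };
  const params = { username, password };
  for (const name of Object.keys(params)) {
    if (!(name in declared)) throw new Error('undeclared parameter: ' + name);
    if (typeof params[name] !== 'string' || params[name].length > declared[name].maxLength) {
      throw new Error('parameter ' + name + ' does not fit VarChar(' + declared[name].maxLength + ')');
    }
  }
  return { text, params };
}

// Count the string-literal delimiters the server's parser would see. With concatenation
// a quote inside the input adds one; with parameters the count never depends on input.
function countQuoteDelimiters(sqlText) {
  return (sqlText.match(/'/g) || []).length;
}

function demo() {
  const benign = { username: 'alice', password: 'hunter2' };
  // A legitimate name containing a quote is enough to break the concatenated statement
  const withQuote = { username: "o'brien", password: 'hunter2' };
  const users = [benign, withQuote];
  const concat = users.map(u => countQuoteDelimiters(buildConcatenatedQuery(u.username, u.password)));
  const prepared = users.map(u => countQuoteDelimiters(buildParameterizedQuery(u.username, u.password).text));
  return { concat, prepared }; // concat: [4, 5], prepared: [0, 0]
}
```

The statement text returned by `buildParameterizedQuery` is identical for every input, which is exactly the property the gist's `@username`/`@password` placeholders give it.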