Preparing SQL queries

app.js

// before
db.all(`SELECT * FROM POSTS WHERE ID = ${req.params.id};`, function(
    err,
    row
  ) {
    res.send(row);
  });

// after

const stmt = db.prepare("SELECT * FROM POSTS WHERE ID = ?");
  stmt.all(req.params.id, function(err, rows) {
    res.send(rows);
  });