Hi,
I'm new to node-mysql; we just transferred from Mongo to MySQL.
Q: How to prevent XSS/SQL injection?
I have read about connection.escape/escapeId.
I tried this:
var post = {id: 1, title: 'Hello MySQL'};
var query = connection.query('INSERT INTO posts SET ?', post, function(err, result) {
  // Neat!
});
Then I tried this one:
var post = {
  id: 2, title: '<script>alert("1");</script>'
};
But it doesn't escape/strip tags at all.
Any help/suggestions/comments will be appreciated :)
Thank you.
Sorry for my grammar.
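
The behaviour described in the post, as an added example that is not part of the original post: the `?` placeholder escapes a value for the SQL context only, so markup is stored unchanged and has to be HTML-encoded when it is written into a page. `sqlQuote` is a simplified stand-in for the driver's escaping, and `escapeHtml` and `renderPost` are hypothetical helpers.

```javascript
// Added example: SQL escaping and HTML encoding protect different contexts.
// sqlQuote() is a simplified model of what a MySQL string escaper does
// (an assumption for illustration; in real code keep using the driver's
// `?` placeholders or connection.escape()).
const SQL_ESCAPES = {
  '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
  '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\'
};
function sqlQuote(value) {
  return "'" + String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, c => SQL_ESCAPES[c]) + "'";
}

// HTML encoding belongs at output time, when the stored value is placed
// into a page. These five characters cover element content and quoted
// attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, c => HTML_ESCAPES[c]);
}

// Hypothetical view helper: render one post row as an HTML fragment.
function renderPost(post) {
  return '<h2 id="post-' + escapeHtml(post.id) + '">' + escapeHtml(post.title) + '</h2>';
}

// Constructed sample rows: the one from the post, plus one with a quote.
const posts = [
  { id: 2, title: '<script>alert("1");</script>' },
  { id: 3, title: "O'Reilly & <b>sons</b>" }
];
for (const post of posts) {
  console.log('SQL literal :', sqlQuote(post.title)); // tags survive, quotes are escaped
  console.log('HTML output :', renderPost(post));     // tags become inert text
}
```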