Does pg (node-postgres) automatically sanitize data?

I am using node-postgres for a production application, and I am wondering if there is anything I should worry about? Does node-postgres automatically sanitize data?

I could not find anything about this on the github page: https://github.com/brianc/node-postgres

+5
2 answers

It depends on how you fulfill your requests:

Formatting via prepared statements is done by the server, which in turn sanitizes your query against any SQL injection. But it has other limitations: for example, you cannot execute more than one query at a time, and you cannot provide sanitized entity names when you need to.

Regular query formatting is sanitized for values, and while it offers flexibility in formatting entity names and multiple queries, it does not provide protection against SQL injection.

+1

Absolutely! Parameterized query support in node-postgres is first class. All escaping is done by the PostgreSQL server, which ensures correct behavior across dialects, encodings, etc. For example, this will not inject SQL:

This is from the documentation.

+4
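Both answers above come down to the same mechanism: values handed to `client.query` separately from the SQL text are bound by the PostgreSQL server, while anything spliced into the text itself (including entity names such as column names, which a `$n` placeholder cannot carry) is the application's responsibility. The following is an added example, not code from the question, either answer, or the node-postgres project. It builds the `{ text, values }` query config objects that `pg`'s `client.query` accepts, puts the string-built form beside the parameterized one, and handles the identifier case with an allow-list plus PostgreSQL-style double-quote escaping. `FakeClient`, `findUserUnsafe`, `findUserSafe`, `listUsers`, `quoteIdentifier`, the `users` table and the hostile input are all assumptions made for the demonstration, so the block runs without a database.

```javascript
// Added example (not from the original page or the node-postgres project):
// contrasts string-built SQL with the { text, values } query config that
// node-postgres sends as a parameterized query, and shows how to handle an
// identifier (a column name), which a parameter placeholder cannot carry.
// FakeClient is a stand-in for pg.Client so this runs without a database.

// Hostile input constructed for the demonstration.
const HOSTILE_EMAIL = "x@example.com'; DROP TABLE users; --";

// Vulnerable: the value is pasted into the SQL text, so the quote closes the
// literal and the rest of the input becomes SQL.
function findUserUnsafe(email) {
  return { text: `SELECT id FROM users WHERE email = '${email}'` };
}

// Safe: the text carries only a $1 placeholder; the value travels in `values`
// and is bound by the server, never spliced into the statement. Because the
// server parses the text before it ever sees the value, the value cannot
// add a second statement, whatever quotes it contains.
function findUserSafe(email) {
  return { text: 'SELECT id FROM users WHERE email = $1', values: [email] };
}

// Placeholders only stand for values. A column name for ORDER BY has to go
// into the text, so restrict it to a known set and quote it the way
// PostgreSQL quotes identifiers (double quotes, embedded quotes doubled).
const SORTABLE = new Set(['id', 'email', 'created_at']);

function quoteIdentifier(name) {
  return '"' + String(name).replace(/"/g, '""') + '"';
}

function listUsers(sortBy, limit) {
  if (!SORTABLE.has(sortBy)) {
    throw new Error(`unsupported sort column: ${sortBy}`);
  }
  return {
    text: `SELECT id, email FROM users ORDER BY ${quoteIdentifier(sortBy)} LIMIT $1`,
    values: [limit],
  };
}

// Stand-in for pg.Client: records what would be sent to the server, with the
// statement text and the bound values kept apart exactly as the driver keeps
// them. With a real client the same config objects go to client.query(config).
class FakeClient {
  constructor() { this.sent = []; }
  query(config) {
    const entry = { text: config.text, values: config.values || [] };
    this.sent.push(entry);
    return Promise.resolve(entry);
  }
}

async function demo() {
  const client = new FakeClient();
  await client.query(findUserUnsafe(HOSTILE_EMAIL));
  await client.query(findUserSafe(HOSTILE_EMAIL));
  await client.query(listUsers('email', 10));
  return client.sent;
}

if (typeof require !== 'undefined' && require.main === module) {
  demo().then((sent) => { for (const s of sent) console.log(s); });
}
```

With a real connection, replace `FakeClient` with a `pg` `Client` and pass the same config objects to `client.query`; `client.escapeIdentifier` does the same quoting as `quoteIdentifier` here, but the allow-list is still what keeps an attacker from naming an arbitrary column. The parameterized form is sent over the server's extended query protocol, which accepts exactly one statement per query; that is the "cannot execute more than one query at a time" limitation the first answer mentions, and it is also why the `; DROP TABLE` payload could not run even if a value somehow reached the parser.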

Source: https://habr.com/ru/post/1262255/
