What is SQL injection and how do you prevent it in a Node.js application using a query builder or ORM?

Question

Node.js Developer — Hard

What is SQL injection and how do you prevent it in a Node.js application using a query builder or ORM?

Accepted Answer

SQL injection is a security attack where malicious SQL is inserted into queries via user input, potentially leading to unauthorized access or data manipulation. Using parameterized queries or prepared statements in Node.js applications helps prevent this by ensuring user input is treated as data, not executable code.