node-mssql


Dynamically create safe queries


I'm currently using the node-mssql package: https://www.npmjs.com/package/mssql, and this question is somewhat specific to it.
The 2 main methods of running queries I am using are .execute (stored procedures), and .query (regular queries). I am currently pre-defining all input as recommended by the module.
request.input('Name', sql.VarChar, newProduct.productName);
request.input('Quantity', sql.Decimal, newProduct.productQuantity);
....
// Placeholders are written @name and must match the names passed to request.input()
request.query('INSERT INTO Products VALUES (@Name, @Quantity)', function (err) {
    console.log("Query completed");
    console.log(err);
});
My problem now is I'm trying to create an interface that would allow the user to create a table, and do some predefined actions such as add/delete records on their newly created table.
While I have a few ideas as to how I could get column names, datatypes, etc. and generate the inputs and query, it seems like a lengthy process for a somewhat simple task.
My question is: Is there any injection protection provided without parameterising the inputs? The documentation often states "All values are automatically sanitized against sql injection.". However, most of the focus seems to be on parameterised inputs. Or am I missing an already existing way to dynamically create safe queries using passed in key(column)/value pairs?
From my understanding of question guidelines, this is on the fringes of an "acceptable question", so apologies if this is a bit too general.
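
One way to handle the key(column)/value case raised in the question, as an added example that is not part of the original post and not node-mssql's own code: identifiers cannot be bound as parameters, so table and column names are checked against the stored table definition and bracket-quoted, while every value is still bound through request.input. The names `buildInsert` and `quoteIdent`, the sample table definition and the string type names (stand-ins for `sql.VarChar`, `sql.Decimal`) are assumptions.

```javascript
// Added example: builds the query text and the parameter list only; no DB connection needed.
const IDENTIFIER = /^[A-Za-z_][A-Za-z0-9_]{0,127}$/;

// Validate an identifier, then bracket-quote it (']' doubled as defence in depth).
function quoteIdent(name) {
  if (typeof name !== 'string' || !IDENTIFIER.test(name)) {
    throw new Error('Invalid identifier: ' + JSON.stringify(name));
  }
  return '[' + name.replace(/]/g, ']]') + ']';
}

// allowedColumns: Map of column name -> declared type, taken from the table's
// stored definition (hypothetical), never from the request being processed.
function buildInsert(table, allowedColumns, record) {
  const keys = Object.keys(record);
  if (keys.length === 0) throw new Error('No columns supplied');
  const columns = [];
  const placeholders = [];
  const params = [];
  keys.forEach((key, i) => {
    if (!allowedColumns.has(key)) {
      throw new Error('Unknown column: ' + JSON.stringify(key));
    }
    const paramName = 'p' + i; // generated here, so never user-controlled
    columns.push(quoteIdent(key));
    placeholders.push('@' + paramName);
    params.push({ name: paramName, type: allowedColumns.get(key), value: record[key] });
  });
  const text = 'INSERT INTO ' + quoteIdent(table) + ' (' + columns.join(', ') +
    ') VALUES (' + placeholders.join(', ') + ')';
  return { text, params };
}

// Constructed sample input: the value contains SQL metacharacters on purpose.
const demoSchema = new Map([['Name', 'VarChar'], ['Quantity', 'Decimal']]);
const demo = buildInsert('Products', demoSchema, { Name: "Widget'); --", Quantity: 3 });
console.log(demo.text);   // the value never appears in the SQL text
console.log(demo.params); // it travels only as a bound parameter

// With node-mssql the result would be bound like this:
//   demo.params.forEach(p => request.input(p.name, p.type, p.value));
//   request.query(demo.text, callback);
```
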
