archive-gh-me/node-postgres
1
0
Fork 0
mirror of https://github.com/brianc/node-postgres.git synced 2026-01-18 15:55:05 +00:00
Code Issues Projects Releases Wiki Activity

Updated FAQ (markdown)

brianc 2014-10-22 07:30:36 -07:00
parent 64c3332bf8
commit 665fb993fe
1 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
FAQ.md

@ -100,7 +100,8 @@ Yeah, you can do this as so:
```js
//let's pretend we have a user table with the 'id' as the auto-incrementing primary key
client.query('INSERT INTO users(password_hash, email) VALUES($1, $2) RETURNING id', ['abdddadfcadfaedesdf', 'test@te.st'], function(err, result) {
var queryText = 'INSERT INTO users(password_hash, email) VALUES($1, $2) RETURNING id'
client.query(queryText, ['841l14yah', 'test@te.st'], function(err, result) {
if(err) //handle error
else {
var newlyCreatedUserId = result.rows[0].id;
@ -108,15 +109,6 @@ client.query('INSERT INTO users(password_hash, email) VALUES($1, $2) RETURNING i
});
```
Or using the evented approach:
```js
client.query('INSERT INTO users(password_hash, email) VALUES($1, $2) RETURNING id', ['abdddadfcadfaedesdf', 'test@te.st'])
.on('row', function (row) {
var newlyCreatedUserId = row.id;
});
```
### 8. Does node-postgres handle SQL injection?
Absolutely! The parameterized query support in node-postgres is first class. All escaping is done by the postgresql server ensuring proper behavior across dialects, encodings, etc... For example, this will not inject sql: