eslint-plugin-weblint-security
ESLint rules for enhanced security - even for React and Node.js!
const mysql = require('mysql');
const readline = require('readline-sync');
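// Example of a query that is NOT vulnerable to SQL injection: the user's
// input is passed as a bound value instead of being concatenated into the SQL.

// Placeholder connection settings for the example.
// NOTE(review): real code should load the password from the environment or a
// secret store and connect with a least-privilege account, not 'admin'.
const dbConnection = mysql.createConnection({
  host: 'localhost',
  user: 'admin',
  password: 'password',
  database: 'my_db',
});

// Some user input - SQL injection input example: 42 OR 1=1
// With the `?` placeholder below, that input is compared as one literal value
// and cannot change the structure of the statement.
const phone = readline.question("What is your phone number?\n");

// The statement text is a constant; only the bound value varies.
// Note: the `mysql` package fills `?` by escaping the value on the client
// side; it is not a server-side prepared statement.
const sql = 'SELECT * FROM users where tlf = ?';

// Connect to the database
dbConnection.connect();

// Execute query
dbConnection.query(sql, [phone], (err, result) => {
  if (err) {
    // Report the failure instead of silently printing `undefined`; log only
    // the message so connection details are not dumped to the console.
    console.error('Query failed:', err.message);
    // destroy() closes the socket immediately and fires no further events,
    // which is safe even when the connection itself is what failed.
    dbConnection.destroy();
    return;
  }

  console.log(result);
  // Close the connection so the process can exit once the query has finished.
  dbConnection.end();
});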