{keyword};select Pg_sleep(5)--

```javascript
// Assumed context: `db` is the application's PostgreSQL client and
// `userInput` is the untrusted value taken from the request.

// UNSAFE: Vulnerable to the injection provided
const unsafeQuery = "SELECT * FROM articles WHERE topic = '" + userInput + "'";

// SAFE: Parameterized query
const query = "SELECT * FROM articles WHERE topic = $1";
const values = [userInput];
db.query(query, values, (err, res) => {
  // The database treats $1 strictly as data, even if it contains "SELECT PG_SLEEP(5)"
});
```

PG_SLEEP(5): A PostgreSQL function that pauses the current session for exactly 5 seconds.

For comprehensive testing and prevention guidelines, refer to the OWASP SQL Injection Prevention Cheat Sheet. (SQL Injection Cheat Sheet - Invicti)

Parameterized queries: This is the most effective defense. It separates the SQL command from the data, ensuring input is never executed as code. (SQL Injection Cheat Sheet - Invicti)