node-mssql SQL injection warning when executing stored procedure with UPDATE statement


I tried to execute a stored procedure in node-mssql that performs a SQL update:

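JavaScript code:

const sql = require('mssql');

// Connect first so the request is bound to the global connection pool.
await sql.connect(config);
const request = new sql.Request();
// Values are passed as typed parameters, not concatenated into SQL text.
request.input('name', sql.NVarChar, req.body.name);
request.input('id', sql.BigInt, req.body.id);
await request.execute('Update_Name');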

But the above code returns a SQL injection error:

{
    "code": "EINJECT",
    "name": "RequestError"
}

I can't find any reference in the docs on how to negate SQL injections when working with stored procedures.

I'm guessing my input values are the problem? I can't see from the documentation what extra steps I need to take, or the recommended approach.

Any help would be much appreciated.


There are 0 answers