Cleaning Input before DB Entry to Prevent SQL Injection

Posted: Tue Feb 04, 2014 8:19 pm
by Christopher Herold

Do you have any advice on how to treat variable inputs before they are fed to the database in order to prevent SQL injection attacks?

For instance,

(1) People will be entering their username and password to log in to their accounts in my app. Is there anything I should do to those variables before they are processed by the database?

(2) People will be entering notes in a text field into the database. How do I clean those inputs before database entry?


Posted: Tue Feb 04, 2014 9:09 pm
by Maryna Brodina

Hello!
1) If you are talking about the Appery.io DB, it's a NoSQL DB; you can access it through the REST API. There can't be any injection.
2) If you are talking about your DB and your service, all validation and data cleaning should be done on the server side. Validation on the client side is useless.


Posted: Tue Feb 04, 2014 9:45 pm
by Christopher Herold

Good to know. I was talking about the Appery DB. Thank you.


Posted: Sun May 11, 2014 5:49 pm
by Deki

Maryna, can you post some documentation on server-side JavaScript? I'm particularly interested in data cleaning and data checking. For example, how would you check to see if a field is null or empty?
I tried

if(name == '' || name == null)

but it doesn't work
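
A server-side check for the null/empty case asked about above, and for the server-side validation point made earlier in the thread, as an added example that is not part of any post and is not Appery.io code. The helper names and the field limits are assumptions, and `body` stands for the already-parsed JSON request body.

```javascript
// Added example: server-side field validation (hypothetical helper names).
// Field rules are assumptions for illustration, not Appery.io limits.
const RULES = {
  username: { required: true, max: 64 },
  password: { required: true, max: 128, keepWhitespace: true },
  notes: { required: false, max: 2000 },
};

// True for undefined, null, "" and whitespace-only strings.
function isBlank(value) {
  return value === undefined || value === null ||
    (typeof value === "string" && value.trim() === "");
}

// Validate one field; returns { ok: true, value } or { ok: false, error }.
function checkField(name, value, rule) {
  if (isBlank(value)) {
    return rule.required
      ? { ok: false, error: name + " is required" }
      : { ok: true, value: "" };
  }
  // Only plain strings pass: objects, arrays and numbers parsed from a
  // JSON body are rejected instead of being coerced to text.
  if (typeof value !== "string") {
    return { ok: false, error: name + " must be a string" };
  }
  const cleaned = rule.keepWhitespace ? value : value.trim();
  if (cleaned.length > rule.max) {
    return { ok: false, error: name + " is too long" };
  }
  return { ok: true, value: cleaned };
}

// Validate a parsed request body against RULES; unknown fields are dropped.
function validateBody(body) {
  const values = {};
  const errors = [];
  const input = body !== null && typeof body === "object" ? body : {};
  for (const name of Object.keys(RULES)) {
    const own = Object.prototype.hasOwnProperty.call(input, name);
    const result = checkField(name, own ? input[name] : undefined, RULES[name]);
    if (result.ok) values[name] = result.value;
    else errors.push(result.error);
  }
  return { ok: errors.length === 0, values, errors };
}
```

Only `values` from a result with `ok === true` should be passed on to the database call; everything else in the request body is ignored.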


Posted: Mon May 12, 2014 5:56 pm
by Evgene Karachevtsev