Raw queries when needed in Express - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
Output of raw SQL query execution in Express
Consider this Express route using a raw SQL query with a database client. What will be the output sent to the client?
Express
app.get('/users', async (req, res) => {
  const result = await db.query('SELECT name FROM users WHERE id = $1', [1]);
  res.send(result.rows[0].name);
});
A. "[object Object]"
B. SyntaxError
C. "John"
D. undefined
💡 Hint
Think about how the query result is structured and how to access the first user's name.
Component Behavior
intermediate
Behavior of raw query with parameter injection
What happens if a raw SQL query in Express is constructed by concatenating user input directly, like this?
Express
app.get('/search', async (req, res) => {
  const term = req.query.term;
  const query = `SELECT * FROM products WHERE name LIKE '%${term}%'`;
  const result = await db.query(query);
  res.json(result.rows);
});
A. It returns an empty array always.
B. It safely escapes user input to prevent SQL injection.
C. It throws a syntax error due to template literals.
D. It works but is vulnerable to SQL injection attacks.
💡 Hint
Think about what happens when user input is directly inserted into SQL strings.
📝 Syntax
advanced
Correct syntax for parameterized raw query in Express
Which option shows the correct way to write a parameterized raw SQL query using a PostgreSQL client in Express?
A. db.query('SELECT * FROM users WHERE id = ?', [userId]);
B. db.query('SELECT * FROM users WHERE id = $1', [userId]);
C. db.query('SELECT * FROM users WHERE id = :userId', { userId });
D. db.query('SELECT * FROM users WHERE id = $userId', [userId]);
💡 Hint
PostgreSQL uses $1, $2 placeholders for parameters.
🔧 Debug
advanced
Debugging error from raw query in Express
This Express route throws an error when running a raw query. What is the cause?
Express
app.get('/orders', async (req, res) => {
  const result = await db.query('SELECT * FROM orders WHERE date = $1', [req.query.date]);
  res.json(result.rows);
});
A. The parameter should be passed as an array, not a string.
B. The SQL query syntax is invalid.
C. The 'date' field does not exist in the 'orders' table.
D. The route handler is missing async keyword.
💡 Hint
Check how parameters are passed to the query function.
🧠 Conceptual
expert
Why use raw queries in Express apps?
Which reason best explains when you should use raw SQL queries in an Express app instead of an ORM?
A. When you need complex queries or performance optimizations not supported by the ORM.
B. When you want to avoid writing any SQL and rely fully on JavaScript.
C. When you want to automatically generate database schemas from models.
D. When you want to ensure complete database abstraction without any SQL knowledge.
💡 Hint
Think about the trade-offs between ORMs and raw SQL.