Express framework, ~5 min read

Raw queries when needed in Express - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is a raw query in the context of Express and databases?
A raw query is a database command written directly in SQL (or the database's native query language) and sent to the database without going through an ORM or query builder. It lets you run a hand-written statement when the abstraction layer does not give you what you need.
beginner
Why might you use raw queries instead of ORM methods in Express?
You use raw queries when the ORM cannot express the query you need (complex joins, database-specific features), when you need precise control over the SQL that runs, or when a hand-written query performs measurably better than the SQL the ORM generates.
intermediate
How do you safely include user input in raw queries to avoid security risks?
You use parameterized queries (placeholders such as $1 with pg): the SQL text stays a fixed string and the user-supplied values are sent to the database separately, so the database never parses them as SQL. This prevents SQL injection. Placeholders bind values only; table or column names coming from user input must instead be checked against an allowlist.
intermediate
Show a simple example of a raw query using Express with a PostgreSQL client.
Example: client.query('SELECT * FROM users WHERE id = $1', [userId]) runs a raw SQL query with the pg client. $1 is a positional placeholder and the second argument is the array of values bound to it, so userId is passed as data rather than spliced into the SQL text.
beginner
What is a risk of using raw queries without care in Express apps?
Using raw queries without parameterization, for example by concatenating user input into the query string, can lead to SQL injection: an attacker crafts input that changes the structure of the query and can read, modify, or delete data the query was never meant to touch.
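The flashcards above describe parameterized queries in words; the following added example (not code from the original page) shows the difference concretely. StubClient is an assumed stand-in that mimics pg's client.query(text, values) signature but talks to no database, so it runs offline; the real pg client returns a Promise, while the stub returns synchronously to keep the demo short. The Express handler uses only req.params.id and res.status(code).json(body), so req and res are plain objects here and no Express install is needed. The malicious input is constructed for the demo.

```javascript
// Added example, not code from the original page. It shows why concatenating
// user input into SQL is injectable and what a pg-style parameterized query
// sends instead. StubClient mimics pg's client.query(text, values) signature
// but runs no database; unlike the real pg client it returns synchronously.

class StubClient {
  constructor() {
    this.sent = []; // every { text, values } pair that would go to the server
  }
  query(text, values = []) {
    // With pg, text and values travel in separate protocol messages; the
    // server parses only text as SQL and treats each value as opaque data.
    this.sent.push({ text, values });
    return { rows: [] };
  }
}

// VULNERABLE: the id is spliced into the SQL text, so a quote in the input
// closes the literal and the remainder is parsed as SQL.
function buildUnsafeQuery(userId) {
  return "SELECT id, email FROM users WHERE id = '" + userId + "'";
}

// SAFE: the SQL text is a fixed string; the id is bound to the $1 placeholder.
function getUserById(client, userId) {
  return client.query('SELECT id, email FROM users WHERE id = $1', [userId]);
}

// Placeholders bind values only. An identifier such as a column to sort by
// cannot be parameterized, so it is checked against an allowlist before it
// is interpolated into the text.
const SORTABLE_COLUMNS = new Set(['id', 'email', 'created_at']);
function listUsersSortedBy(client, column) {
  if (!SORTABLE_COLUMNS.has(column)) {
    throw new Error('unsupported sort column: ' + column);
  }
  return client.query('SELECT id, email FROM users ORDER BY ' + column, []);
}

// Express-style route handler (assumed shape: req.params.id and
// res.status(code).json(body)). Binding prevents injection; validating the
// type on top of that rejects junk before it reaches the database.
function makeGetUserHandler(client) {
  return function handler(req, res) {
    const id = Number(req.params.id);
    if (!Number.isInteger(id) || id <= 0) {
      return res.status(400).json({ error: 'invalid user id' });
    }
    const result = getUserById(client, id);
    return res.status(200).json(result.rows);
  };
}

// Minimal res object with the two methods the handler uses.
function makeFakeRes() {
  return {
    code: null,
    body: null,
    status(code) { this.code = code; return this; },
    json(body) { this.body = body; return this; },
  };
}

// Constructed malicious input: a classic tautology payload.
const PAYLOAD = "1' OR '1'='1";

// Demo run: the unsafe text now contains OR '1'='1'; the safe text is unchanged
// and the payload sits harmlessly in the values array.
const demoClient = new StubClient();
console.log('unsafe text:', buildUnsafeQuery(PAYLOAD));
getUserById(demoClient, PAYLOAD);
console.log('safe text:', demoClient.sent[0].text, 'values:', demoClient.sent[0].values);
```

With a real pg client the handler would await client.query; everything else stays the same. Note that the allowlist check for the ORDER BY column is the part parameterization cannot do for you.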
What is the main reason to use raw queries in Express apps?
A. To avoid writing any SQL code
B. To run complex or custom database commands not supported by the ORM
C. To automatically sanitize all user inputs
D. To speed up server startup time
Answer: B

Which method helps prevent SQL injection when using raw queries?
A. Using parameterized queries or placeholders
B. Writing queries as plain strings with user input inserted directly
C. Disabling database logging
D. Using only GET requests
Answer: A

In Express, which package is commonly used to run raw SQL queries against PostgreSQL?
A. body-parser
B. express-session
C. pg
D. cors
Answer: C

What is a downside of using raw queries too often in your Express app?
A. They can make code harder to maintain and less portable across databases
B. They always run slower than ORM methods
C. They automatically encrypt data
D. They prevent database connections
Answer: A

Which of these is NOT a good practice when using raw queries?
A. Handling errors properly
B. Using placeholders for user input
C. Testing queries carefully
D. Directly inserting user input into query strings
Answer: D
Explain what raw queries are and when you might need to use them in an Express app.
Think about when ORM tools might not be enough.
Describe how to safely include user input in raw queries to avoid security problems.
Focus on how to keep your database safe.