
Query parameterization for safety in Node.js - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual (intermediate)
Why use query parameterization?
Why is query parameterization important when working with databases in Node.js?
A. It prevents SQL injection by separating code from data inputs.
B. It encrypts the database connection for security.
C. It allows queries to be written without any syntax rules.
D. It makes queries run faster by caching results automatically.
💡 Hint
Think about how user input can affect database commands.
component_behavior (intermediate)
Output of parameterized query execution
Given the following Node.js code using a parameterized query, what will be the output if the user input is "O'Reilly"?
Node.js
const userInput = "O'Reilly";
const query = 'SELECT * FROM authors WHERE last_name = ?';
db.execute(query, [userInput], (err, results) => {
  if (err) throw err;
  console.log(results);
});
A. The query throws a syntax error due to the apostrophe in the input.
B. The query runs successfully and returns authors with last name O'Reilly.
C. The query returns no results because the input is ignored.
D. The query causes a runtime error because parameters are not supported.
💡 Hint
How does parameterization handle special characters like apostrophes?
📝 Syntax (advanced)
Identify the correct parameterized query syntax
Which of the following Node.js code snippets correctly uses parameterized queries with the mysql2 library?
A. db.execute('SELECT * FROM users WHERE id = $1', userId, callback);
B. db.query('SELECT * FROM users WHERE id = ' + userId, callback);
C. db.execute('SELECT * FROM users WHERE id = ?', [userId], callback);
D. db.query('SELECT * FROM users WHERE id = ?', userId);
💡 Hint
Check how parameters are passed as an array in mysql2.
🔧 Debug (advanced)
Find the error in this parameterized query code
What error will occur when running this Node.js code snippet using mysql2?
Node.js
const userId = 5;
db.execute('SELECT * FROM users WHERE id = ?', userId, (err, results) => {
  if (err) throw err;
  console.log(results);
});
A. ReferenceError because userId is not defined.
B. No error; the query runs successfully.
C. SyntaxError due to missing semicolon after the query string.
D. TypeError because parameters must be passed as an array, not a single value.
💡 Hint
Check the type of the second argument to execute().
state_output (expert)
Result of multiple parameterized queries with async/await
Consider this async function using mysql2's promise API. What will be logged to the console?
Node.js
async function getUserData(userId) {
  const [rows1] = await db.execute('SELECT * FROM users WHERE id = ?', [userId]);
  const [rows2] = await db.execute('SELECT * FROM orders WHERE user_id = ?', [userId]);
  console.log(rows1.length, rows2.length);
}

getUserData(10);
A. Two numbers showing how many users and orders exist for userId 10.
B. An error because multiple awaits cannot be used in the same function.
C. Undefined because rows1 and rows2 are not arrays.
D. Zero and zero because the queries do not run without a callback.
💡 Hint
Think about how async/await works with promise-based query execution.