How to Identify SQL Injection Attempts from User Facing Text Input in Node.js
With the help of security APIs in our Node.js applications, we can identify security threats before they have a chance to compromise our data.
Using the ready-to-run code examples provided further down the page, we can take advantage of a free API that checks user-facing text input for SQL injection attempts and identifies them in the response body. We’ll receive a response object like the JSON example below:
{
    "Successful": true,
    "ContainedSqlInjectionAttack": true,
    "OriginalInput": "string"
}
To structure our API call, we need to install the SDK — either by running the following command:
npm install cloudmersive-security-api-client --save
Or by adding the following snippet to our package.json:
"dependencies": {
    "cloudmersive-security-api-client": "^1.2.0"
}
Then we can use the code below to call the function and check our text input for SQL injection attempts:
var CloudmersiveSecurityApiClient = require('cloudmersive-security-api-client');
var defaultClient = CloudmersiveSecurityApiClient.ApiClient.instance;

// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';

var apiInstance = new CloudmersiveSecurityApiClient.ContentThreatDetectionApi();
var value = "value_example"; // String | User-facing text input.

var callback = function(error, data, response) {
    if (error) {
        console.error(error);
    } else {
        // data is an object, so serialize it; plain concatenation would log "[object Object]"
        console.log('API called successfully. Returned data: ' + JSON.stringify(data));
    }
};

apiInstance.contentThreatDetectionCheckSqlInjectionString(value, callback);
To authorize our API requests, we’ll just need a free-tier API key, which we can get by registering a free account on the Cloudmersive website. This will allow up to 800 API calls per month with no commitments — perfect for protecting applications with low volumes of traffic.
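An added example, not part of the Cloudmersive SDK or the original samples: it turns the callback result into an allow/reject decision that rejects the input whenever the check errors, reports Successful as false, or returns an unexpected shape. The helper names decide, screenInput and makeStubApi are hypothetical, and the stub client is constructed so the code runs without an API key.

```javascript
// Added example: fail-closed handling of the SQL injection check result.
// Assumes the callback's data object uses the field names from the JSON above.
function decide(error, data) {
  if (error) return { allow: false, reason: 'check-unavailable' };
  if (!data || data.Successful !== true) {
    return { allow: false, reason: 'check-unsuccessful' };
  }
  if (typeof data.ContainedSqlInjectionAttack !== 'boolean') {
    return { allow: false, reason: 'malformed-response' };
  }
  return data.ContainedSqlInjectionAttack
    ? { allow: false, reason: 'sql-injection-detected' }
    : { allow: true, reason: 'clean' };
}

// Calls the SDK method used on this page and hands the decision to done().
function screenInput(apiInstance, value, done) {
  if (typeof value !== 'string') return done({ allow: false, reason: 'invalid-input' });
  apiInstance.contentThreatDetectionCheckSqlInjectionString(value, function (error, data) {
    done(decide(error, data));
  });
}

// Constructed stub standing in for ContentThreatDetectionApi so the example
// runs offline; the verdict is fixed by the caller, not computed from the input.
function makeStubApi(verdict) {
  return {
    contentThreatDetectionCheckSqlInjectionString: function (value, callback) {
      if (verdict === 'down') return callback(new Error('constructed failure'));
      if (verdict === 'malformed') return callback(null, { Successful: true });
      callback(null, { Successful: true, OriginalInput: value,
                       ContainedSqlInjectionAttack: verdict === 'flagged' });
    }
  };
}

// Runs each constructed verdict through screenInput and collects the reasons.
function demo() {
  const reasons = {};
  for (const verdict of ['clean', 'flagged', 'down', 'malformed']) {
    screenInput(makeStubApi(verdict), 'constructed sample text', function (d) {
      reasons[verdict] = d.reason;
    });
  }
  return reasons;
}
console.log(demo());
```

This screening complements parameterized queries at the database layer; it does not replace them.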