Question

I am very new to Node.js and MongoDB. I have a page getting query strings with

var queries = url.parse(req.url,true).query;

and I write them into the database using the mongoskin module. Do I have to do something against SQL injection?


Solution

http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-injection

You don't need to worry about traditional SQL Injection in MongoDB or any kind of query injection with the code you have above. Only these commands:

  • $where
  • db.eval()
  • mapReduce
  • group

will allow execution of JavaScript and would be unsafe if using user-provided data.
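A defensive version of the question's handler, as an added example that is not part of the original answer: it lets only single string values under simple field names reach the database, and passes user input to a query as data rather than as JavaScript for `$where`. The function names `queryToDocument` and `nameFilter`, the length limit and the sample URLs in the comments are assumptions made for illustration.

```javascript
const url = require('url');

// Field names must start with a letter and contain only letters, digits and "_".
// This rules out a leading "$" (operator) and "." (path separator) in keys.
const FIELD_NAME = /^[a-z][a-z0-9_]*$/i;
const MAX_VALUE_LENGTH = 1024; // assumed limit, adjust per field

// Parse req.url the way the question does and return a plain document
// that can be handed to insert(). Throws on anything unexpected.
function queryToDocument(reqUrl) {
  const queries = url.parse(reqUrl, true).query; // same call as in the question
  const doc = {};
  for (const key of Object.keys(queries)) {
    if (!FIELD_NAME.test(key)) {
      throw new Error('rejected field name: ' + key);
    }
    const value = queries[key];
    // Node's parser yields a string, or an array when a parameter is repeated
    // (constructed sample: /save?name=a&name=b). Accept single strings only.
    if (typeof value !== 'string') {
      throw new Error('field must be a single string: ' + key);
    }
    if (value.length > MAX_VALUE_LENGTH) {
      throw new Error('field too long: ' + key);
    }
    doc[key] = value;
  }
  return doc;
}

// Build a filter with the user value as data. The value is never concatenated
// into a JavaScript string for $where, db.eval(), mapReduce or group.
function nameFilter(doc) {
  if (typeof doc.name !== 'string') {
    throw new Error('name is required');
  }
  return { name: { $eq: doc.name } };
}

module.exports = { queryToDocument, nameFilter };
```
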

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow