SQL injection

[eliasmalik]

the recommended way to avoid SQL injection using pg is to use parameterised queries.

You are making a parameterised query here, that's good:

Week-8-Blogs/src/model/queries.js

Lines 15 to 18 in f73facc

	{
	text: 'SELECT * FROM blogs WHERE id =$1',
	values: [id]
	}, (err, blog) => {

But most of the other queries are like this one:

Week-8-Blogs/src/model/queries.js

Line 34 in f73facc

dbConnec.query(`SELECT * FROM admins WHERE name=${req.body.name}`, (err, admin) => {

Where the values are just substituted directly into the string.