1Never concatenate inputs
If you build an insert string in Node like this: "INSERT INTO users (name) VALUES ('" + req.body.name + "')", you have created a SQL Injection vulnerability. If a user types '); DROP TABLE users; -- as their name, the database will execute it and delete your table. ALWAYS use Parameterized Queries (e.g., VALUES ($1)).
