
How to connect to SQL Server database from JavaScript in the browser?

Tags: javascript, sql-connection, database-security, express-js

by Anton Shumikhin · Dec 15, 2024
TLDR

Establishing database connections from browser-based JavaScript is a risk. Instead, delegate such tasks to a reliable API on your server. A Node.js application with Express could query the SQL Server using mssql while your front-end communicates with this API via HTTP requests.

Here's how you could use Express and mssql:

```javascript
const express = require('express'); // Enter Express, the "Swiss Army Knife" of Node.js
const sql = require('mssql'); // Our SQL server whisperer

const app = express(); // Kickstart the Express engine

app.get('/data', async (req, res) => {
  try {
    await sql.connect({ user: 'user', password: 'pwd', server: 'host', database: 'db' }); // Let the whispering begin
    const result = await sql.query('SELECT * FROM table'); // "Hey SQL, show me the table!"
    res.json(result.recordset); // SQL server whispers back: "Alright, here's your data"
  } catch (err) {
    res.status(500).send('DB error');
  }
});

app.listen(3000); // Tune in to port 3000 for whispers of sweet data...
```

And this could be your front-end fetch call:

```javascript
fetch('http://localhost:3000/data') // Our whisper ticket to SQL server
  .then(r => r.json())
  .then(console.log) // Hear what SQL has to say
  .catch(console.error); // Oops, we didn't quite get that, could you repeat please?
```

Selecting the right technology stack

Understanding the technology stack specific to your application's needs is critical. It determines performance, scalability and, most notably, security. Node.js is a robust option for the server side, but alternatives such as ASP.NET Core or Java Servlets are equally viable: they ship with mature security features and are built for heavy database work.

Write the server-side layer in whichever of these languages you prefer; the browser only ever talks to that API, never to the database itself.

Security - We're on the watch!

Your database's safety net must wrap around it strongly and subtly. Don't spill out any sensitive strings! Instead, camouflage them in environment variables and let secure API endpoints handle the conversations.

```javascript
app.get('/data', async (req, res) => {
  const config = {
    user: process.env.DB_USER, // "Hey Siri, what's the DB username?"
    password: process.env.DB_PASSWORD, // "Alexa, speak out the DB password"
    server: process.env.DB_SERVER, // "Google, reveal the DB server"
    database: process.env.DB_NAME // "Echo, reveal the DB name"
  };
  // Continue securely connecting and querying...
});
```

Keep credentials out of the code base and out of responses: the server reads them from the environment and never echoes them back to the client.

The ActiveX maze

While ActiveX once offered database connectivity from Internet Explorer, it is an outdated and exposed route. The modern approach is to use XMLHttpRequest or the Fetch API to talk safely and quickly to your server-side code.

Star your safety procedures

Defending against SQL injection starts with the queries themselves: never splice user input into SQL text. Node.js libraries such as mssql support parameterized queries, and its tagged-template form binds each interpolated value as a parameter rather than inserting it into the statement:

```javascript
app.get('/data/:id', async (req, res) => {
  try {
    const id = req.params.id; // "Alright kid, show me your ID!"
    await sql.connect(config);
    const result = await sql.query`SELECT * FROM table WHERE id = ${id}`;
    res.json(result.recordset);
  } catch (err) {
    res.status(500).send('DB error'); // "Not today hackers, not today!"
  }
});
```
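To see what the tagged template actually does, here is an added example (not code from the original post or from the mssql project) that re-implements the idea in miniature and runs without a database: the SQL text keeps a placeholder, the value travels separately, and a simple route-level validation for `:id` is shown alongside. The placeholder names `@p1`, `@p2`, ... are an assumption made for illustration.

```javascript
// Added example, not from the original post or from mssql. It mimics what a
// tagged-template query helper such as sql.query`...` does: interpolated
// values are bound as parameters, never pasted into the SQL text.
// Placeholder naming (@p1, @p2, ...) is assumed for illustration only.

function parameterize(strings, ...values) {
  let text = strings[0];
  const params = {};
  values.forEach((value, i) => {
    const name = `p${i + 1}`;
    params[name] = value;                  // value is bound, not interpolated
    text += `@${name}${strings[i + 1]}`;   // only the placeholder enters the SQL
  });
  return { text, params };
}

// The unsafe alternative the text warns about: the value becomes SQL text.
function concatenate(id) {
  return { text: `SELECT * FROM table WHERE id = ${id}`, params: {} };
}

// Route-level check for a /data/:id parameter: accept only a short run of
// digits, so malformed input is rejected before any query is built.
function validateId(raw) {
  return /^\d{1,9}$/.test(raw) ? Number(raw) : null;
}

// What the handler would build for a raw route parameter: null when the
// input fails validation, otherwise a parameterized query object.
function buildRouteQuery(rawId) {
  const id = validateId(rawId);
  if (id === null) return null;
  return parameterize`SELECT * FROM table WHERE id = ${id}`;
}

// Constructed input resembling a classic injection attempt.
const hostile = '1 OR 1=1';

const safe = parameterize`SELECT * FROM table WHERE id = ${hostile}`;
const unsafe = concatenate(hostile);

console.log(safe.text, safe.params);   // placeholder in text, value in params
console.log(unsafe.text);              // the input has become part of the SQL
console.log(buildRouteQuery('42'));    // parameterized query with p1: 42
console.log(buildRouteQuery(hostile)); // null: rejected before any query
```

Validation is a cheap second layer; the parameter binding is what makes the query safe even when validation is forgotten.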

Building a secure fortress

All paths leading to your SQL Server database need strict monitoring, with Express.js acting as your border patrol. This is where its middleware and routing features earn their keep.

Express.js sits between incoming HTTP requests and the database: middleware can validate input, authenticate the caller and reject anything suspicious before a query is ever run.

Deployment and testing go hand in hand. Use authentication mechanisms to cross-check user identity and authorization measures to grant appropriate access.

As a best practice, verify that your endpoints work without hiccups before you deploy. An endpoint that fails in production can leak error details or sensitive data to malicious users.